What the Tech
[Resolved] removing stopsign software, phony malware remover
portpalgal
post Sep 17 2009, 11:06 PM
Operating System: vista



My kid uploaded the StopSign software. I tried removing it with Ad-Aware and also Malwarebytes, but no luck. I followed the initial instructions. Here is a copy of my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:20 PM, on 9/17/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\59f35a4\WP59f3.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=2071213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=2071213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Windows PC Defender] "C:\ProgramData\59f35a4\WP59f3.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8880 bytes

Here also is a copy of the Malwarebytes scan log.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6000

9/17/2009 9:58:04 PM
mbam-log-2009-09-17 (21-58-04).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 231722
Time elapsed: 1 hour(s), 12 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=157&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\PersonalAntiSpy (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PersonalAntiSpy Free\Activate.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\AsAgents.xml (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\atl71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\bnlink.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\lapv.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\license.rtf (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\mfc71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\msvcp71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\msvcr71.dll (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\pas.ini (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\pas.xml (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\pv.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\readme.rtf (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\shellext.xml (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\sr.log (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\unins000.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\unins000.exe (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\up.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\updater.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\PersonalAntiSpy Free\updaterdb.dat (Rogue.PersonalAntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav.ooo (Rogue.SystemAntiVirus) -> Quarantined and deleted successfully.


I hope you studs can help.
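The O4 entry for "Windows PC Defender" in the log above is the classic rogue-antivirus shape: an executable in a random-named folder under C:\ProgramData, launched from the per-user Run key, and also present in the running-process list. Pulling that out of a HijackThis-style log is easy to automate. The script below is an added example, not code from this thread, from HijackThis or from Malwarebytes; the three heuristics (user-writable directory, hex-looking folder name, security-sounding entry name outside Program Files or Windows) and the names `triage`/`running_processes`/`Finding` are my own choices, and the sample input is a trimmed copy of the posted log.

```python
"""Triage HijackThis-style O4 (autorun) entries for rogue-AV indicators.

Added example: the heuristics and names here are my own, not HijackThis
or Malwarebytes functionality.  SAMPLE_LOG is a trimmed copy of the log
posted in the thread; nothing else is taken from a real tool.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKCU\..\Run: [Name] command"  (registry Run/RunOnce entries only;
# the Startup-folder O4 lines use a different shape and are skipped here)
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)

# Directories a vendor autorun rarely lives in but droppers favour.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
# A folder named like a hex blob (e.g. 59f35a4) is a common rogue-AV drop dir.
HEXISH_DIR = re.compile(r'^[0-9a-f]{6,}$')
# Rogue AV picks a reassuring name; real products install under Program Files.
SECURITY_WORDS = ("defender", "antivirus", "anti-virus", "security",
                  "antispy", "protect")
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")


@dataclass
class Finding:
    name: str            # the [Name] shown in the Run value
    path: str            # executable extracted from the command
    reasons: list = field(default_factory=list)
    running: bool = False  # path also appears under "Running processes:"


def running_processes(log: str) -> set:
    """Lower-cased paths from the 'Running processes:' block of the log."""
    procs, in_block = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            procs.add(line.strip().lower())
    return procs


def triage(log: str) -> list:
    """Return a Finding for every O4 Run entry that trips at least one heuristic."""
    procs = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        e = EXE_RE.match(cmd)
        path = e.group("path") if e else cmd
        low = path.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("executable lives in a user-writable directory")
        parts = low.replace("/", "\\").split("\\")
        if any(HEXISH_DIR.match(p) for p in parts[:-1]):
            reasons.append("random-looking (hex) folder name in path")
        if (any(w in m.group("name").lower() for w in SECURITY_WORDS)
                and not low.startswith(TRUSTED_ROOTS)):
            reasons.append("security-sounding name outside Program Files/Windows")
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons, low in procs))
    return findings


# Trimmed copy of the HijackThis log posted above (only the parts read here).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\59f35a4\WP59f3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Windows PC Defender] "C:\ProgramData\59f35a4\WP59f3.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "RUNNING" if f.running else "not running"
        print(f"[{f.name}] {f.path} ({state})")
        for r in f.reasons:
            print("   -", r)
```

On the posted log this reports exactly one entry, `Windows PC Defender`, with all three reasons and marked as running, which matches what the MBAM log later confirms (a rogue anti-spyware family). Entries with a bare filename such as `RtHDVCpl.exe` are not flagged; they resolve through the PATH search and are worth checking by hand against the running-process list, where the log shows it as `C:\Windows\RtHDVCpl.exe`.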
Replies
portpalgal
post Sep 20 2009, 07:16 AM



When I run Kaspersky, it tells me that I should have an older Java version, btw.

Posts in this topic
- portpalgal   [Resolved] removing stopsign software   Sep 17 2009, 11:06 PM
- - CatByte   Hi, Please do the following: Please download DDS...   Sep 18 2009, 05:36 AM
- - portpalgal   here's the dds. txt file DDS (Ver_09-07-30.0...   Sep 18 2009, 06:09 AM
- - CatByte   Hi, Please try this scanner instead: Download Ro...   Sep 18 2009, 07:18 AM
- - portpalgal   I'm having a hard time extracting the zip file...   Sep 18 2009, 09:46 AM
- - CatByte   No, Vista comes with a built in zip utility you ...   Sep 18 2009, 10:10 AM
- - portpalgal   I download the zip file and it ends up in document...   Sep 18 2009, 10:32 AM
- - CatByte   OK you need to change the location of where you a...   Sep 18 2009, 10:54 AM
- - portpalgal   Ok, so I downloaded rootrepeal to my desktop. When...   Sep 18 2009, 11:18 AM
- - CatByte   Hi right click on the zipped file > choose ...   Sep 18 2009, 11:50 AM
- - portpalgal   "Compressed (zipped) folders" is not one...   Sep 18 2009, 09:22 PM
- - CatByte   Can you please tell me what options you do have av...   Sep 19 2009, 04:38 AM
- - portpalgal   The error message I get is. "windows cannot ...   Sep 19 2009, 10:04 AM
- - CatByte   QUOTE The programs that are in the "open with...   Sep 19 2009, 10:11 AM
- - CatByte   Hi, just going back to extracting zipped files fo...   Sep 19 2009, 10:24 AM
- - portpalgal   I get a similar box as the first one you show. I...   Sep 19 2009, 12:46 PM
- - CatByte   OK Please run the sysprot program   Sep 19 2009, 12:48 PM
- - portpalgal   Isn't sysprot in a zip file also? I have the s...   Sep 19 2009, 01:15 PM
- - CatByte   Hi, what happens when you choose the extract opti...   Sep 19 2009, 02:18 PM
- - portpalgal   here's the combofix log ComboFix 09-09-18.02 ...   Sep 19 2009, 09:18 PM
- - CatByte   Hi, Please do the following: Please download Sy...   Sep 19 2009, 09:28 PM
- - portpalgal   SystemLook v1.0 by jpshortstuff (29.08.09) Log cre...   Sep 19 2009, 09:36 PM
- - portpalgal   Meeting Manager for Mozilla Firefox/Netscape Navig...   Sep 19 2009, 09:37 PM
- - portpalgal   System appears to be running great. The original ...   Sep 19 2009, 09:45 PM
- - CatByte   Hi, Please do the following: Your WinRar program...   Sep 19 2009, 09:50 PM
- - portpalgal   removed the winrar program with control panel upd...   Sep 19 2009, 10:06 PM
- - CatByte   Hi, Please do the following: This should restore...   Sep 20 2009, 03:10 AM
- - portpalgal   after I downloaded erunt, when I ran it, I got som...   Sep 20 2009, 06:07 AM
- - CatByte   QUOTE I also tried to unzip a compressed file and ...   Sep 20 2009, 06:55 AM
- - portpalgal   Yes, it was after the registry fix. Here's t...   Sep 20 2009, 07:11 AM
- - CatByte   the log indicates "no action taken" , ...   Sep 20 2009, 07:12 AM
- - portpalgal   yes, I did allow malwarebyte to clean up the files...   Sep 20 2009, 07:14 AM
- - CatByte   RE: [Resolved] removing stopsign software   Sep 20 2009, 07:14 AM
- - portpalgal   When I run kaspersky, it tells me that I should ha...   Sep 20 2009, 07:16 AM
- - CatByte   The Java Addon in IE may be disabled. Go to Tools...   Sep 20 2009, 07:42 AM
- - portpalgal   I ran the eset scanner and it stopped about 46% of...   Sep 21 2009, 08:16 AM
- - CatByte   Hi, Not sure what is still causing these issues. ...   Sep 21 2009, 08:32 AM
- - portpalgal   here's the drweb txt file combo-fix.exe...   Sep 21 2009, 08:12 PM
- - portpalgal   I have a couple friends that write code and asked ...   Sep 21 2009, 08:17 PM
- - portpalgal   also should I cure all the infections in drweb?   Sep 21 2009, 08:32 PM
- - CatByte   Hi, No, The combofix alerts are not infections j...   Sep 22 2009, 02:57 AM
- - portpalgal   here's the dds files DDS (Ver_09-07-30.01) -...   Sep 22 2009, 07:14 AM
- - CatByte   Hi, You are clean, just need to do some housekeep...   Sep 22 2009, 07:29 AM
- - portpalgal   Everything appears to be running perfectly. You gu...   Sep 22 2009, 08:53 AM
- - CatByte   you are more than welcome stay safe ~CB   Sep 22 2009, 09:02 AM
- - CatByte   Since this issue appears to be resolved ... this T...   Sep 22 2009, 09:02 AM


© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy