Topic: I Need Help Removing Malware (Read 3435 times)

Asclepius

    Topic Starter


    Newbie

    I Need Help Removing Malware
    « on: December 08, 2009, 08:58:00 AM »
    I realized my computer was in trouble when my background changed to a fake spyware warning. I quickly realized that System Restore was disabled, Active Desktop was disabled, Windows Security Center was disabled, Task Manager was disabled, and attempts to start Windows in safe mode only led to continuous reboots until I allowed a normal start up. It was then that I sought help and found this forum.

    I followed all steps in your “Read this before requesting malware removal help” post and after running Malwarebytes all symptoms of the infection vanished. As per your warning that this does not necessarily mean my system is clean, I continued with all steps and am now posting the 3 logs to gain an official “all-clear”.

    I am running Windows XP with SP3, I found no suspicious programs in Add/Remove Programs, this is a home use machine, and I would point out that I had to grab the SUPERAntiSpyware log after the fact, as before running Malwarebytes all attempts to open Notepad led to a warning that the program was infected and could not open.

    I thank you all in advance for your help; I’m so grateful that people actually volunteer time to help those less knowledgeable.


    [Saving space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: I Need Help Removing Malware
    « Reply #1 on: December 10, 2009, 12:47:51 PM »
    Hello Asclepius and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I'm sorry for the delay. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    It looks like those scans got rid of a lot of bad stuff. Please do this:

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    (Description: Adobe reader startup - unnecessarily uses system resources.)
    O20 - AppInit_DLLs: c:\windows\system32\biyapizi.dll c:\windows\system32\wunarosa.dll fewanatu.dll c:\windows\system32\digarazo.dll c:\windows\system32\hobuyiwe.dll  c:\windows\system32\wadumepo.dll

    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    link # 1
    Link # 2

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts.
    Double-click combofix.exe and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
    Windows 8 and Windows 10 dual boot with two SSD's
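The O20 entry in the reply above lists six DLLs under AppInit_DLLs, a registry value whose DLLs are loaded into every process that loads user32.dll. The following is an added example, not part of the original post or of HijackThis: it parses log lines of the shape quoted above and splits the AppInit_DLLs value into one record per DLL for review. The function names and the `allowlist` parameter are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the three entries quoted in the reply above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - AppInit_DLLs: c:\windows\system32\biyapizi.dll c:\windows\system32\wunarosa.dll fewanatu.dll c:\windows\system32\digarazo.dll c:\windows\system32\hobuyiwe.dll  c:\windows\system32\wadumepo.dll
'''

# "<section> - <label>: <value>", the line shape used by the entries above.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): ?(.*)$")


def parse_entries(log_text):
    """Return (section, label, value) for every 'O' line in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip(), m.group(3).strip()))
    return entries


def appinit_dlls(log_text, allowlist=frozenset()):
    """Return one record per DLL named in an O20 AppInit_DLLs line.

    allowlist (hypothetical) holds lower-case DLL names the owner knowingly
    installed; anything else is marked for review.
    """
    records = []
    for section, label, value in parse_entries(log_text):
        if section != "O20" or label.lower() != "appinit_dlls":
            continue
        # The registry value is a list delimited by spaces or commas.
        for item in filter(None, re.split(r"[ ,]+", value)):
            path = PureWindowsPath(item)
            has_dir = len(path.parts) > 1
            records.append({
                "dll": path.name.lower(),
                # A bare name has no directory: Windows resolves it through
                # the DLL search order instead of a fixed location.
                "dir": str(path.parent).lower() if has_dir else None,
                "needs_review": path.name.lower() not in allowlist,
            })
    return records


if __name__ == "__main__":
    for rec in appinit_dlls(SAMPLE_LOG):
        print(rec)
```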

    Asclepius

      Re: I Need Help Removing Malware
      « Reply #2 on: December 10, 2009, 06:04:49 PM »
      Thanks SD!

      Here are the logs. I didn't realize ComboFix would initiate a restart, so when I disabled McAfee I set it to reactivate real time protection on restart. It didn't seem to interfere with anything but I wanted to make you aware.

      [Saving space, attachment deleted by admin]

      SuperDave

      Re: I Need Help Removing Malware
      « Reply #3 on: December 11, 2009, 04:52:13 PM »
      Hello Asclepius. The AV was disabled and that's most important. Please do this:

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ESET Online Scan

      Scan your computer with the ESET FREE Online Virus Scan

      * Click the ESET Online Scanner button.

      * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
      * Place a check mark next to YES, I accept the Terms of Use.

      * Click the Start button.
      * Accept any security warnings from your browser.
      * Leave the check mark next to Remove found threats and place a check next to Scan archives.
      * Click the Start button.
      * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
      * When the scan completes, click List of found threats.
      * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
      * Click the <<Back button then click Finish.

      In your next reply please include the ESET Online Scan Log.