Many problems.....please help!

[Jazzy88]

OK - obviously I've got something wrong - computer is running extremely slow, booting up takes 10-15 minutes - same as shutting down, web pages take several minutes to load (if at all), etc. I've read the rules on what to do before posting here and downloaded Super AntiSpyware, Malwarebytes' Anti-Malware and HiJack This. I ran MBAM but after completing the scan I didn't see anywhere where it offered to clean the items it found. Not only that but it doesn't show any logs either. I've ran it several times & it's the same thing.

Any idea what is happening?

Thanks!

[evilfantasy]

Just get what logs you can and post them.

[Jazzy88]

ok - I've attached some logs. Superantispyware was done first, then Combofix, then Hijack this log was created.

Thanks!

[recovering space - attachment deleted by admin]

[evilfantasy]

Although it was needed, I wasn't actually looking for a combofix log, please try not to run any tools unless asked. Some are very powerful and can destroy a PC if used improperly.


If there are any warez/cracked programs on the PC remove them now.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.

• Click Start , then Run
  
• Type notepad.exe in the Run Box.
  

2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy

File::
C:\WINDOWS\system32\lpjooesx.exe
C:\WINDOWS\system32\qyskketg.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\rvhqjxoh.exe
C:\jfcjr.exe
C:\flciijjq.exe
C:\1154735127
C:\60.tmp
C:\WINDOWS\b156.exe_old
C:\EZ-DJ_Plus_v1.2_-_By_Samurize.rar
C:\WINDOWS\SCE2287D1.tmp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM47e0ef24"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPJYrq]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

----------

After combofix has completed run a new Hijackthis scan and post the new log from it along with the combofix log.

[Jazzy88]

New combofix and Hijack This logs attached.

Is it ok to attach these logs or do you prefer them copied into the post?

Thanks for all your help!

[recovering space - attachment deleted by admin]

[evilfantasy]

Either way, attached or copied is fine.

Open Hijackthis and select Do a system scan only then place a check mark next to:

O20 - Winlogon Notify: byXPJYrq - byXPJYrq.dll (file missing)

Now click Fix checked.

Exit Hijackthis.

----------

You need to install a free antivirus and do a full scan with it.

Pick one of these.

http://www.filehippo.com/download_avast_antivirus/
http://www.filehippo.com/download_avg_antivirus/

----------

Before you start the scan uninstall combofix.

Time to do some cleanup and secure the work you have done.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.
----------

Now do the antivirus scan and have it remove or quarantine anything it finds.

Let me know how things are now.

[Jazzy88]

ok - I did everything as you said - fixed that missing file with HiJack This, uninstalled Combofix, downloaded and ran the AVG antivirus & it came up clean. Computer is running much better. Do you think I am clean?

[evilfantasy]

From the logs and now the AVG scan I would think you are in the clear

You need to do a few more final steps.

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

.
----------

Here are some great tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

To prevent unknown applications from being installed on your computer install WinPatrol 2007

Another thing I would suggest installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware

And finally.

Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Let us know if anything else comes up.

[Jazzy88]

Awesome! Thanks so much for all your help. I think I have learned my lesson about using warez & crackz.

Have a great night!