8 steps are complete and here are the logs

Status
Not open for further replies.
Hi Ccooper,

Regarding:
8 steps are complete and here are the logs

You must follow the guide in full, here it is again: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Just as your Title states, we need the logs

Now I only emphasize this, due to the other thread of yours today: I've done the 8 step process, now what

I cannot say this any more clearly, you must read the guide (slowly), then do the scans, and then provide the logs

Otherwise we cannot help

Therefore your next reply must contain:

1. Malwarebytes Log This will be a log that shows:

  • An updated Malwarebytes Scan
    A full scan completed (today ideally)
    All or any found Malwares removed by you
    A log in "TXT" format (ie Notepad viewing)

2. SuperAntiSpyware Log This will be a log that shows:

  • An updated SuperAntiSpyware Scan
    A full scan completed (today ideally)
    A log in "LOG" format (ie Notepad viewing)

3. HijackThis Log This will be a log that shows:

  • An updated HijackThis Scan
    scan done after the other scans have completed (today ideally)
    A log in "LOG" format (ie Notepad viewing)

All available as attachments only, refer here for help with that

Do Not Reply Without Those 3 Logs Attached

Edit:

By the way I just read your attached HijackThis log. Obviously you do not know what you are doing.
It may be best for you to get someone there a little more technical than you, to help you, seeing as you have now tried this multiple times on multiple threads.
 
CCooper, since you are admittedly new to this process, here's a hand.

The guide TechSpot provides consists in part of scanning with three cleaning programs and, when through, attaching all three complete logs. Kim has given you this guide to take you through:
UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

You may not realize that a hyperlink was created and shows in blue; clicking on that would have taken you to the URL with the 8 steps, and we need the complete logs for each program.

Please do that and we will check your logs.
 
What do you think?

you may need these as well

This is all
 

Attachments

  • mbam-log-2009-03-18 (14-25-41) 2..txt
    860 bytes · Views: 5
  • SUPERAntiSpyware Scan Log - 03-18-2009 - 15-26-16 1..txt
    465 bytes · Views: 5
Your Malwarebytes program definitions are old (I'd say by a couple of weeks)
You may want to update it and run a quick scan (I say quick, as your normal scan took a whopping 9 hrs!)

38 viruses and/or unwanted programs were found
Amazing how many viruses were found!


Combofix Instructions

  • Download Combofix to your desktop.
  • Double click Combofix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh HiJackThis scan run afterwards



EDIT

Oh and no need to reply to yourself. Always use EDIT when yours is the last post in the thread


EDIT 2

P2P Warning!

  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.

I'll just add to this quote ;)
Limewire MUST be removed



Waiting on the 2 required logs... (I'll quote this part in red if they don't come with your next post ;))
.
 
Here you are

And my Limewire is now deleted. Thanks, it seems to be working better already. What do you suggest now?
 

Attachments

  • ComboFix.txt
    8.9 KB · Views: 7
-> No action taken on MBAM scan, for found issues
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log

Edit:

uTorrent listed in ComboFix log, please remove all File Sharing programs :(
 
I'm sorry to see that my reply indicating that the logs kim referred to as old were instead, current.

As for what is showing in the Mbam log this time, with no action taken:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

I suggest that someone ask CCooper if HE has disabled the Security Center!
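
Added example (not part of the original posts): a small Python check that reads Malwarebytes registry-data lines in the layout quoted above and lists every finding the scan reported but left unfixed. The function names, the section header and the last sample line are constructed for this illustration.

```python
import re
from typing import NamedTuple

# Layout of a registry-data line as quoted in the post above:
#   <key>\<value> (<detection>) -> Bad: (<n>) Good: (<n>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>HKEY_[^()]+?)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>[^)]*)\)\s+Good:\s+\((?P<good>[^)]*)\)\s+->\s+"
    r"(?P<action>.+?)\.?\s*$"
)

class Finding(NamedTuple):
    key: str        # registry key path
    value: str      # value name under that key
    detection: str  # scanner's detection label
    bad: str        # data the scanner considers bad
    good: str       # data it would restore
    action: str     # what the scanner did

def parse_registry_data(log_text):
    """Return a Finding for every registry-data line; skip everything else."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key, _, value = m["path"].rpartition("\\")
            findings.append(Finding(key, value, m["detection"],
                                    m["bad"], m["good"], m["action"]))
    return findings

def unremediated(findings):
    """Findings the scan reported but did not fix."""
    return [f for f in findings if f.action.lower() == "no action taken"]

# The three Security Center lines are quoted from the post; the header and
# the last line are constructed for this example.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Example\SampleValue (Constructed.Sample) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in unremediated(parse_registry_data(SAMPLE_LOG)):
        print(f"NOT FIXED: {f.value} is {f.bad}, expected {f.good} [{f.detection}]")
```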
 
Your logs are clean. Is there some reason why you attached two clean Malwarebytes logs and no SuperAntispyware log?

What specifically are the problems now?
 
Un-install Viewpoint : Removal Tool Here

You may want to un-install SuperAntispyware now (this is User's choice)

The following entries in HijackThis are NOT malware, but can be safely removed
Please place a tick in the checkbox in another HijackThis (scan only) against the following entries. Then select FIX
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

Then go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Restart. Report on how it seems to be running :)
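
Added example (not part of the original posts): a Python sketch that splits the HijackThis lines listed above into section code and fields, then reports Browser Helper Objects with no file behind them and the executable each startup entry launches. The function names and the short section descriptions are this example's own.

```python
import re

# Section codes that appear in the fix list above, with short descriptions.
SECTIONS = {"R1": "Internet Explorer registry setting",
            "O2": "Browser Helper Object",
            "O4": "autostart entry"}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(\S+)')  # quoted path, else first token

def parse_entry(line):
    """Split one HijackThis line into its section code and typed fields."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "kind": SECTIONS.get(m["code"], "other"),
             "body": m["body"]}
    if m["code"] == "O2" and (b := BHO_RE.match(m["body"])):
        # "(no file)": HijackThis found no file for this registration.
        entry.update(name=b["name"], clsid=b["clsid"],
                     orphaned=b["file"] == "(no file)")
    elif m["code"] == "O4" and (r := RUN_RE.match(m["body"])):
        image = IMAGE_RE.match(r["cmd"])
        entry.update(name=r["name"], hive=r["hive"],
                     image=image.group(1) or image.group(2))
    return entry

def parse_log(text):
    """Parse every recognisable line; ignore blanks and free text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphaned_bhos(entries):
    """CLSIDs of Browser Helper Objects that have no file on disk."""
    return [e["clsid"] for e in entries if e.get("orphaned")]

def autostart_images(entries):
    """Map each O4 entry name to the executable it starts (arguments dropped)."""
    return {e["name"]: e["image"] for e in entries
            if e["code"] == "O4" and "image" in e}

# Lines copied from the fix list in the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""
```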
 
I've done everything that you have asked of me and my computer is running spectacular thanks to you. I really appreciate all of your help, it's people like you that can slowly but surely help make our world a better and more productive place. One day I hope to be on the other end, helping users or my company excel in various areas. Do you have any advice as to where I could research my major and maybe get ahead of the game? And thanks to you too Bobbye.
 
Thanks for the update :grinthumb

All I can say is hang around at TechSpot for a while and you pick up some excellent basics and free tools
Having a good grounding is what it's all about
 
We can go a step further on those unneeded startups kimsland mentioned. You can have HijackThis remove the entries but must add this:

For QuickTime Task:
Quote:
1. Use msconfig to UNCHECK any QuickTime entries on Startup> Apply> OK
2. Disable tray icon: Right-click on the icon and select QuickTime Preferences > Browser Plugin. Clear the check box next to "QuickTime system tray icon," and then close the settings box. The icon won't appear anymore.
3. Rename the qttask.exe file:
Right click on Start> Explore> Programs> QuickTime directory> right click on qttask.exe> rename to qttask.exeold.

iTunesHelper.exe: Big resource user!
Background task installed by Apple's iTunes music player and also by version 7 of QuickTime which now comes inseparably bundled with iTunes. It is thought that this task used to be a 3rd party add-on program in the early days of Apple's iPod when its iTunes software was incompatible with many CD-Writers. This task does not need to be installed as a startup since iTunes starts it up anyway when it needs it.
1. UNCHECK on Startup menu using msconfig. It uses nearly 6MB of memory.

Adobe Reader Speed Launcher:
1. Use msconfig to UNCHECK all Adobe Reader entries> Apply> OK
2. Open the Adobe Reader and Disable all Toolbars, unless you use the PDF feature frequently.
3. Change the Adobe LM Service to Manual Startup.
4. Only the most current version (now v9) should be listed in Add/Remove Programs.

SunJavaUpdateSched:
To stop: Control Panel> Java> Update tab> UNCHECK 'check automatically check for update'> Apply> answer Yes to confirmation message that comes up> Close.
(NOTE: every time you update, install or uninstall, this process puts itself back. You don't want it to run, so keep that in mind and stop as needed.)

I also have instructions for REAL PLAYER and BONJOUR/MDSRESPONDER: if you need them.

For msconfig: Start> Run> msconfig> enter> Selective Startup> Startup tab>>> make changes> Apply> OK.
For Services: Start> Run> services.msc> right click on the Service you want to change> make the change in the Startup type (Manual or Disabled)> Close.

NOTE: the first time you reboot after making changes on the startup menu using the msconfig utility, you will get a nag message; it can be ignored and closed after checking 'don't show this message again'. Stay in Selective Startup.

Let us know if you need any more help.
 