Infected Computer Need Help

Status
Not open for further replies.

CannonComp

My computer has been infected with a number of Adware and Malware and it is seriously affecting my computer's performance.

The main things that show up when I use Spyware Doctor are:

Application.TrackingCookies
Adware.Advertising
Trojan-downloader.conhook (this only sometimes shows up on scan results)

What do I do?

Also, when I try to open My Documents, Control Panel, My Computer, etc., the computer turns these programs down.
 
Next, please follow these instructions. Your version of Hijackthis is out of date.

First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; close it.

Next,

I need you to follow all the steps HERE and then post back with the three requested logs as attachments
  • AVG antispyware
  • ComboFix
  • Hijackthis (step 15)

Don't forget to make sure that AVG is set to quarantine the results, that HJT is the last step, and to let us know the results of the antirootkit scan.
 
This is the New HJT Log

I couldn't quarantine the Anti Spyware program so I didn't bother putting a log on for that.
 
Blind Dragon said:
You need to clear everything from this folder also ->C:\Users\Peter\AppData\Local\Temp

I deleted some of it before and now when I boot up it comes up with errors and I don't have a desktop background.

Can't delete "low" "~DF7E03" "~ROMFN_000008C4" "qomnm"
 
Did you have a custom desktop from somewhere on the web?

Those other files are probably in use, which is fine.
 
It says that a file is missing; not sure which one it is though.

Also, I tried to get it back and I couldn't; it might have something to do with the virus/malware.
 
Thanks for the help. I'm going for the night but I will try it again tomorrow and see what happens; I will then report back.
 
Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click SmitfraudFix.exe
  • Select 2 and hit Enter to delete infected files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

-------------------------------------------------------------------------------------------------------------------------------------------
 
OK, I rebooted after running those scans and this time no errors came up; however, when I try to go into Control Panel to change my background, the task bar disappears and then Control Panel shuts down.

Also Tea Timer was off before

Edit: when I rebooted a second time it came up with the following messages:

Error loading C:\users\(name of user)\Appdata\local\Temp\:

ibgnwwpj.dll
aunkvdam.dll
wghdwilg.dll
qomnm.dll

The specified module could not be found
 
That's what I thought. Can you please click on my name and select send an email to blind dragon. For the subject put Cannoncomp - Smitfraud

Run Hijackthis again and attach the log in this thread
 
Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Let's see if combofix will work for you. If it does, it should make this a lot easier.
Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
 
Malwarebytes' Anti-Malware 1.10
Database version: 589

Scan type: Quick Scan
Objects scanned: 31280
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS Juan (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM25c01fcb (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
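
As an added example (not part of the original thread, and not any poster's or Malwarebytes' own code), here is a small Python check a helper could run over a pasted log like the one above: it reports when the scan was not a full scan and lists detections still marked "No action taken", calling out Run-key autostart entries. The sample text is shortened from the posted log; the function names, and the assumption that a full-scan log's "Scan type" line contains the word "Full", are assumptions of this example.

```python
import re

# Sample input: shortened from the log posted above (counts omitted).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.10
Database version: 589

Scan type: Quick Scan

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM25c01fcb (Trojan.Agent) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# "<target> (<detection>) -> <action>." as seen in the posted log.
ITEM = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")   # detail heading, no count
RUN_KEY = "\\currentversion\\run\\"                         # autostart location

def parse_mbam_log(text):
    """Return the scan type and every detection line, tagged with its section."""
    report = {"scan_type": None, "items": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Scan type:"):
            report["scan_type"] = line.split(":", 1)[1].strip()
        elif SECTION.match(line):
            section = SECTION.match(line)["name"]
        elif section and (m := ITEM.match(line)):
            report["items"].append({"section": section, **m.groupdict()})
    return report

def review(report):
    """List what a helper should follow up on before trusting the log."""
    findings = []
    # Assumption: a full-scan log carries the word "Full" on this line.
    if "full" not in (report["scan_type"] or "").lower():
        findings.append(f"scan type is {report['scan_type']!r}, a full scan was requested")
    for item in report["items"]:
        if item["action"].lower() == "no action taken":
            kind = "autostart entry" if RUN_KEY in item["target"].lower() else "item"
            findings.append(f"{kind} not removed: {item['target']} ({item['detection']})")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_mbam_log(SAMPLE_LOG))))
```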
 