Trojan.fakealert and others

Status
Not open for further replies.

crystalline

I have completed the above steps, and the majority of the infection seems to be gone. However, when I start Windows... it is EXTREMELY slow, sometimes taking up to 10 minutes to start, before I can access anything. I'm wondering if I haven't damaged something important by deleting all of this stuff... I don't think it's a complicated fix, I just need to know what to do, or someone to inform me that my computer is clean, and it's just a problem with my computer. Thanks. Here are my logs.
 
Uninstall SuperAntiSpyware

Then download Combofix
Lots of info on its use here
Direct download here

Save it to a location that you can easily find later (in Safe Mode), i.e. directly to C drive

Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
Log into your Administrator account
Locate the previously downloaded Combofix
Double click on it to run, answering any prompts along the way
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

Once Combofix has finished, save the log file to be attached to a new reply
Restart back to Normal mode, and attach the Combofix log

Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
 
Quite a few issues

Please uninstall:

LimeWire
BitTorrent
Ad-Aware


Please run the Norton Removal tool: Norton Removal tool

Then do a scan only with HijackThis
On every entry that has "file missing" (at the end of each entry) Tick the boxes, then select fix (there should be a few of these)

Then restart
Attach the MalwareBytes log
Run a new HijackThis scan and log; and attach the log to a new reply
 
Ok, I fixed everything that said file missing, but when I ran Hijack this after the restart, it appears to find the same issues. Bollocks. Anyway. Here are my new logs, as requested.
 
Startup HijackThis scan only
Place a tick next to the entry of the following
Shutdown all Internet browsers before continuing
Select Fix to all of them
Restart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited", "http://browser.netscape.com/");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.0.1");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("timebomb.first_launch_time", "1193575486859000");
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\vhajzet1.slt\prefs.js)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

Note: not all are Malware
Just do the above :)
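
As an added example (not part of the original post, and not HijackThis's own code): a small Python parser for log lines in the format listed above, which picks out the "(file missing)" entries and the O4 Run-key autostarts. The sample lines are copied from the list above; the function names are assumptions made for this illustration.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # hive, value name, command
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')                      # command starts with a drive path

# Sample input: a subset of the lines listed in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!
user_pref("prefs.converted-to-utf8", true);
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""

def parse_log(text):
    """Return one dict per log entry; continuation lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank line or the prefs.js dump that follows an N3 entry
        code, body = m.groups()
        entries.append({"code": code, "body": body,
                        "file_missing": body.endswith("(file missing)")})
    return entries

def file_missing(entries):
    """Entries whose target no longer exists on disk (orphaned references)."""
    return [e for e in entries if e["file_missing"]]

def run_key_autostarts(entries):
    """(hive, value name, command, has_full_path) for each O4 Run-key entry."""
    found = []
    for e in entries:
        m = RUN.match(e["body"]) if e["code"] == "O4" else None
        if m:
            hive, name, cmd = m.groups()
            found.append((hive, name, cmd, bool(ABSOLUTE.match(cmd))))
    return found

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for e in file_missing(log):
        print("orphaned:", e["code"], e["body"])
    for hive, name, cmd, full in run_key_autostarts(log):
        print(f"{hive} Run [{name}] {cmd}" + ("" if full else "  <- no full path"))
```

A Run value without a full path is resolved through the Windows search path at logon, so those entries are worth checking against the file actually on disk.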
 
Ok, I did as requested... computer is still struggling to start Windows, and games freezing for 10-15 seconds at a time, randomly. :(

Booooo.

I wasn't sure if you wanted another HJT log or not, but here is one I ran when I restarted the computer.
 
Also, and I don't know how relevant this is... but there was a Malware Bytes scan that I did in between the 2 that I posted logs for (the one while I was waiting for your reply, I believe? I don't remember)... the reason there was no log for it was this:

After completing the scan, I selected to delete everything... while looking at what it found, at the very bottom of the list, I don't remember the exact file name, but it was C://Windows/driver/something? or something similar.... It was something about a driver. I thought to myself, oh, crap, I don't know if I should be deleting this... as I was thinking that... the computer froze, and crashed. Since then, I have been able to get it to restart, but like I said, it has been running like crap. I just installed a new video card recently, I'm wondering if that's it... since sometimes, when I play WoW, people just show up as grainy, colorful, weird looking things... it's hard to explain. Mind you, I don't really know a lot ABOUT computers so everything I told you could be completely irrelevant. It's just a concern I'm having. I have no logfile for this scan, since it shut down before completing.

Also, yes... the Netscape one is weird; I don't even use netscape. Not sure if that's what you meant by weird, though.

Thanks for all your help. I just downloaded that program.
 
Ok then, well definitely remove the above "Netscape" entry in HJT (by doing a scan and tick that box, then select fix)

As for the possible driver infected missing issue, with Malwarebytes. Yes that's important, and that's why the logs are required (although this part is out of your control - as the computer froze up)

Regarding any found Malwares (from Antivirus or any malware scan) Always remove all found malwares, even if they are drivers or anything. It's possible in this case you may need to uninstall your Video card software, and download the most up to date drivers again. Here's a good drivers thread to help you locate any updated or missing drivers: https://www.techspot.com/vb/topic117607.html

By the way, after fixing the above HJT entry you will need to restart
Once you have confirmed all your system drivers are up to date, and any startups removed, you should reply with the status of your computer, and ideally another HJT scan log. (you may want to run Malwarebytes - quick scan (updated) first, before creating the new HJT log scan)
 
Alrighty, computer seems to be running much better. MWB found nothing, with the quick scan, or the full one. I downloaded and installed the proper drivers with success... no more grainy colorful people on my video games, haha... There is some general sluggishness when I first start up the computer, but I do take into account that I have had it for a while, and computers don't last forever. Once it loads, though, everything runs perfectly.

Here is my updated HJT log :)
 
Well these ones are non-essential startups:
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Clear & Reset System Restore's Cache
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Actually I think the main slowness is likely Zone Alarm (personally I prefer Comodo). But you could try without any for a day (i.e. Windows firewall on) just to see the difference
Windows firewall stops any attack in to your computer, but doesn't do fantastic on things going out :/
 