Help...My computer is doing Weird Stuff

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by eymbatman, Apr 20, 2009.

  1. eymbatman

    eymbatman Private E-2

    I had thought I was able to get the bug by myself, I had downloaded the files referred to and installed and ran them. They seemed to work but then...wammbamm and my computer was running weird. Sometimes when I open the web my browser is redirected to windstream.net, which is my dsl provider. I can't seem to repair my network connection, and when I run superAntispyware my computer crashes at about 6 min. Other programs run fine. I did find some viruses with combofix and spybot S&D. Help me please.
    Robert
     


  2. eymbatman

    eymbatman Private E-2

    I tried running Superantivirus in safe mode and it ran, but it is suspect because it skipped a big section when scanning the registry, what I mean is that it was flashing files for like 3 - 6 minutes but the number of files was not increasing. The other reason is the last update date on it was 5-20-09. I uninstalled it and installed another copy from a fresh download but when I ran it, it locked up the computer again. I enclosed a copy of the log it made while in safe mode earlier. Man I am confused.
    Robert
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why are you running this PC with no antivirus protection and no real firewall?

    First you must disable Spybot's Teatimer. See this: How to disable Spybot's TeaTimer

    Download this XPsp2bu.exe to your C:\ folder like MGtools was downloaded. Once you have it downloaded, just double click it to run it. It will extract some files we will need into your C:\MGtools folder. We will be using these in the next fix.


    Now you need to run MSconfig and put your PC into Normal Startup mode as we requested in step 1 of the READ & RUN ME. You should not be using MSconfig like this as a permanent startup manager.

    Now run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software:
    AdwareAlert
    J2SE Runtime Environment 5.0 Update 6

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local;<local>
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
    O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
    O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
    O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
    O1 - Hosts: 91.212.65.122 knocker
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O20 - AppInit_DLLs: ompntj.dll

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.



    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
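
An added example, not part of chaslang's post and not code from HijackThis or MGtools: a small triage script that groups HijackThis entries like the ones selected above by the kind of hijack they represent (local proxy, hosts-file redirect, orphaned BHO, AppInit_DLLs). The finding labels and function names are assumptions made for this illustration; the sample lines are copied from the post.

```python
import ipaddress
import re

# Lines copied from the HijackThis selection quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 knocker
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs: ompntj.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:localhost|127\.\d+\.\d+\.\d+):\d+", re.I)


def classify(line):
    """Return (section, finding) for one HijackThis line, or None for non-entries."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = m.groups()
    if section == "R1" and LOCAL_PROXY.search(body):
        return section, "local-proxy"        # browser traffic sent to a local listener
    if section == "O1" and body.startswith("Hosts:"):
        fields = body[len("Hosts:"):].split()
        try:
            addr = ipaddress.ip_address(fields[0]) if len(fields) >= 2 else None
        except ValueError:
            addr = None
        if addr is None:
            return section, "malformed-hosts"
        return section, "loopback-mapping" if addr.is_loopback else "remote-redirect"
    if section == "O2" and body.rstrip().endswith("(no file)"):
        return section, "orphan-bho"         # BHO still registered, file missing
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.partition(":")[2].strip():
        return section, "appinit-dll"        # loaded into every process that loads user32.dll
    return section, "unclassified"


def triage(log_text):
    """Group log lines by finding so the pattern is visible at a glance."""
    findings = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            findings.setdefault(result[1], []).append(line.strip())
    return findings
```

Several hostnames mapped to one non-loopback address, as in the `remote-redirect` group here, is the pattern that explains browser redirects; `triage()` only sorts lines for review and changes nothing on the system.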
     
  4. eymbatman

    eymbatman Private E-2

    Hi, and thanks
    While waiting for your reply I was reading posts here and in bleeping and did a few things, so some of what you told me to do was already done. When I tried to get rid of adware I got this message: "A network error occurred while attempting to read from the file C:\windows\installer\adware.msi". Everything else worked fine. Again thanks, and attached you will find the logs.
    Robert
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not address my question.
    If you continue to run your PC with no protection you will always be infected and you will be refused future help.

    For AdwareAlert, do the below.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now delete the below file and folder if they still exist.
    C:\Documents and Settings\Robert\Local Settings\Temp\7zS3C.tmp
    C:\Program Files\AdwareAlert


    Your logs were clean otherwise.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  6. eymbatman

    eymbatman Private E-2

    Thanks,
    I have been running Malwarebytes anti-malware for about 6 months, then added cyberdefender several months back. I also added ccleaner and superanti spyware about two months ago. I have been using the installed windows firewall. When this started I uninstalled all signs of malwarebytes and cyberdefender and also superantispyware. I then reinstalled malware and superantispyware, while trying to clean system something said to disable firewall when installing it and I did but forgot to re-enable it until you first brought it to my attention. I now have Malwarebytes, superantispyware, drweb-cureit, ccleaner and ATF-cleaner, and I have my firewall enabled. What would you suggest, should I add more or delete some? Thanks for your help. Between your help and the recommendation and suggestions of threads I read in Major Geeks and Bleeping I was able to get this. I would love to learn more about removing viruses and trojans, do you have any suggested reading? I would like to do what you do, I have a lot of spare time, all day everyday.
    Let me know
    again thanks
    Robert :-D
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The free version does not protect you. It is only an after the fact scanner.

    Not a malware protection tool.

    The free version does not protect you. It is only an after the fact scanner.


    If you read the link I gave in my final instructions you will see that this is totally inadequate. You need to install one of the listed firewalls and forget the Windows firewall.

    It is only an after the fact scanner.

    Just a temp file cleaner. It is not a malware scanner or protection tool, but like CCleaner these are useful to remove clutter.


    See the link I gave you. In short what it tells you is that you need
    • one antivirus
    • one realtime antispyware blocking tool. None of the free items you mentioned do this
    • one real firewall which does not include the Windows firewall
    • SpywareBlaster with protection enabled. This uses no resources as it is not realtime active protection.
    • Spybot with just the SDhelper and Immunization feature enabled. We do not recommend using Teatimer.
     
  8. eymbatman

    eymbatman Private E-2

    Thanks for your time,
    OK, I now also have Avast!, Jetico Personal firewall, and Spyware Blaster. I forgot to mention that I have had Spybot-Search & Destroy for a couple of weeks. Next week I will upgrade to the paid version of Malwarebytes or Superantispyware, which one is better? I now also have XP sp3. Let me know of anything else you think I need. I would say in my defense, that I have been using computers for about 20 years and have never had very many problems with viruses because I clean my system every day. I clean out cookies (I know most cookies are not bad), Temp. Internet files, history, windows temp. folder, and I use tracks eraser to remove everything. I may have been a little paranoid, but it did work well for all these years. Well again thank you very much. If you please, direct me to where I can find more info on how to remove these nasties, I have always helped friends and family with their problems and I would really like to continue to help them and others.
    Robert
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    SUPERAntiSpyware is more comprehensive but it does miss many things that MBAM will find. Get the pay version of SAS and keep the free version of MBAM updated and use it as an additional backup scanner.

    While doing this is fine, none of these are really malware issues. Yes malware may deposit itself in temp folders but once you are infected, just simply emptying temp folders will not remove the malware. Thus these steps would not protect you from malware. That is why you need multi-layer protection from AV, AS, and firewall. The real key is still an educated PC user. ;)

    You can spend as much time as you like reading threads in the Malware Forum which will give you lots of info. If you wish to learn the art of malware removal, there are some sites that offer training. But be aware that they are very slow paced and quite intensive and it takes lots of time and dedication on your part. See the below for more info:

    Becoming A Malware Forum Helper
     
