A Variety of Malware - Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by macker6464, Oct 17, 2006.

  1. macker6464

    macker6464 Private E-2

    Hi all

    I still have problems and everything is getting mighty slow and busy with all this anti V/MW loaded!

    I have carried out all the steps possible from http://forums.majorgeeks.com/showthread.php?t=35407 in the exact order as best I could and here I am.

    There seem to be problems remaining.

    CCleaner appeared to work fine.:)
    Microsoft Windows Defender didn't work.
    Microsoft Windows Malicious Software Removal Tool didn't work.
    CounterSpy did its stuff OK in 10 hours! LOG ATTACHED - CounterSpy.txt.:)
    Bitdefender OK - LOG ATTACHED bdscan.txt:)
    PandaActiveScan would not work in Safe Mode - found things but bombed out several times and same happened in normal mode.:eek:
    GetRunKey.zip worked fine - LOG ATTACHED runkeys.txt:)

    Will post the rest in a sec.
     


  2. macker6464

    macker6464 Private E-2

    More....

    ShowNew.Zip worked fine and LOG ATTACHED newfiles.txt :)

    I also tried Webroot SpySweeper LOG ATTACHED Spy Sweeper Session Log.txt:)

    Finally here is my HiJackThis LOG ATTACHED hijackthis.log:)

    Some of the things that keep coming up are:
    3271 Chinese Keywords
    Locators Toolbar Toolbar
    Virtumonde Adware (General)

    Also I have a program called Chinese keywords I cannot uninstall (no idea where it came from) and also Koowo Lyrics suddenly arrived. Maybe from TVAnts?

    Cheers for any help kind people!
     


  3. matt.chugg

    matt.chugg MajorGeek

    Download

    - Pocket KillBox

    - Process Explorer

    Extract each to their own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)


    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of ixccpfj.dll once and then click the kill button. After you have killed all of the ixccpfj.dll under winlogon click ok. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of ixccpfj.dll and kill it. (If you do not find the dll, just continue on.)


    Now just exit Process Explorer.

    Run HijackThis. Click the 'Do a system scan only' button.


    Once the scan has completed click Config

    Click Misc Tools

    Click Open Process Manager

    Terminate the following processes by selecting them from the list and clicking Kill Process
    These may not be present but we need to check

    Click back to return to the scan results.

    Place a checkmark in the box next to the following lines:


    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to, and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
  4. macker6464

    macker6464 Private E-2

    Cheers zillions!

    That has helped a lot - can't really say thanks enough:D

    The pc seems to be running a lot better now.

    I have also ditched a few of the overlapping anti-malware progs as well now and the pc is starting to speed up.

    A defrag gave me a boost of 40% speed too in start up / shut down.

    I have attached a fresh HijackThis log hijackthis.log:)

    and
    a ShowNew newfiles.log:)

    Again Panda ActiveScan appears to be working fine but half way through it causes the pc to suddenly switch off and restart. I tried several times:confused:
    I have got a problem with the button on my pc which sometimes switches the pc on for 1 second and then it goes dead. It can take many presses to get it to turn on and stay on. It has never just switched off though, except for the 6 or so times I tried Panda Active Scan. I assumed it was a dicky button and was going to move the innards to a new case/PS.

    Do you think the PC is clean now? Is there anything you can see which I can disable (even at startup) to speed the startup?

    Need to say again MANY THANKS:)
     


  5. matt.chugg

    matt.chugg MajorGeek

    The following lines are not really needed at startup, as they are not necessary or can be run as needed.

    You also need to fix the following line with HJT AND CONFIRM IT IS GONE. I don't think the service exists anymore, but if it does we will need to manually remove it.

    O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\wincu.exe (file missing)
     
  6. macker6464

    macker6464 Private E-2

    Sorry for the delay.
    PC still running well but still could be a bit quicker I guess.

    The HJT log shows the following still
    O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\wincu.exe (file missing)

    I have tried ticking it and fixing it in HJT but it seems to appear in the log still.

    Also a few of the above lines you pointed out still show up.

    How should I stop these running?

    HJT log and newfile logs attached.

    Many thanks

    macker6464
     
  7. macker6464

    macker6464 Private E-2

    Sorry - couldn't attach the file there.

    Here they are now;)

    macker6464
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is part of an HSA hijacker problem and it cannot be so simply fixed.

    Run this: about:Buster. Follow the directions in the download page. Attach a new HJT log and the log from about:buster after running it.
     
  9. macker6464

    macker6464 Private E-2

    Thanks chaslang

    I have run AboutBuster and then rebooted and run it again.
    The log is attached as Ab LogFile.txt:)

    I then ran HJT and a new hijackthis.log is attached too:)

    It looks like there are some stubborn things hanging around:mad:

    There was no option to Check for Updates in the process but the version was AboutBuster 6.05

    cheers
    macker6464
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Network Security Service (NSS)
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste %AF夶À¨ into the box that opens, and press OK. You MUST use copy and paste to do this since the characters are not things you can type.
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Make sure viewing of hidden files is enabled (per the tutorial).

    Look for the below file and delete if found
    C:\WINDOWS\wincu.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.
    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
  11. macker6464

    macker6464 Private E-2

    My strange Chinese error has disappeared and the system appears to be working quite well (fingers crossed).

    Thank you very much. You guys really know your stuff!

    I have attached logs as requested:

    GetRunKey txt - runkeys.txt :)
    ShowNew txt - newfiles.txt :)
    HJT - HiJackThis.log :)

    I will keep my eyes on the system for any funnies.

    One thing I have noticed is that it can sometimes take several seconds to start to open an Internet Explorer window. I am assuming this is due to the anti-virus AVG and the anti Spyware Spyware Doctor slowing things down a tad.
    No worries!

    Thanks again

    Macker6464
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds better, but we have one more rogue service to remove!
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Performance Manager
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste svhost into the box that opens, and press OK. You MUST use copy and paste to do this since the characters are not things you can type.
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT and this time reboot when it tells you it needs to.
    After reboot look for the below files (you may not find the first one) and delete them:
    c:\Program Files\Common Files\fh.exe
    C:\WINDOWS\system32\mmllm.ini
    C:\WINDOWS\system32\mmllm.ini2
    C:\WINDOWS\system32\lylk.dat

    Also delete the below folders:
    C:\Program Files\Common Files\{3CA5C140-068A-2057-0114-03082103002c}
    C:\Program Files\Common Files\{8CA5C140-068A-2057-0114-03082103002c}



    Now attach a new HJT log and a new log from ShowNew
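    As an added example (not code from the thread, MajorGeeks or HijackThis), here is a PowerShell audit that scripts the checks behind posts 10 and 12: it flags services whose binary is missing, whose name cannot be typed, or whose name imitates svchost, and wraps the stop/disable/delete steps in a function. The function names are my own, and it assumes an elevated PowerShell prompt.

```powershell
# Added example for this thread (not a tool the thread uses). Audits user-mode
# services for the warning signs in the O23 lines above: an ImagePath whose
# file is missing, a name made of untypeable characters, and a name that
# imitates svchost. Run from an elevated prompt; works on PowerShell 2.0+.
function Get-SuspiciousService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Type 0x10/0x20 = Win32 own/shared process. Kernel drivers (0x1/0x2) use
        # relative ImagePaths that would otherwise look "missing", so skip them.
        if (-not $p -or -not $p.ImagePath -or (($p.Type -band 0x30) -eq 0)) { continue }

        # Resolve the executable: expand %SystemRoot%, drop a \??\ prefix,
        # then strip quotes and any arguments (e.g. "-k netsvcs").
        $raw = [Environment]::ExpandEnvironmentVariables($p.ImagePath) -replace '^\\\?\?\\', ''
        if ($raw -match '^"([^"]+)"')      { $exe = $Matches[1] }
        elseif ($raw -match '^(.+?\.exe)') { $exe = $Matches[1] }
        else                               { $exe = $raw }

        $reasons = @()
        if (-not (Test-Path -LiteralPath $exe)) { $reasons += 'binary missing' }
        # Untypeable names are what made the NSS entry hard to remove by hand.
        # Localized systems can have legitimate non-ASCII names: a lead, not a verdict.
        if (($key.PSChildName + $p.DisplayName) -match '[^\x20-\x7E]') {
            $reasons += 'untypeable service or display name'
        }
        # "svhost" (post 12) is one letter off the real svchost.
        if ($key.PSChildName -like 'sv*host*' -and $key.PSChildName -ne 'svchost') {
            $reasons += 'svchost look-alike name'
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Name        = $key.PSChildName
                DisplayName = $p.DisplayName
                ImagePath   = $p.ImagePath
                Reasons     = ($reasons -join ', ')
            }
        }
    }
}

# Stop, disable and delete a service by its short (registry) name: the same
# services.msc / "Delete an NT Service" steps as in posts 10 and 12, but the
# name is passed as a variable, so a copied untypeable name is no obstacle.
function Remove-RogueService([string]$Name) {
    Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $Name -StartupType Disabled -ErrorAction SilentlyContinue
    & sc.exe delete $Name   # sc.exe exists on every Windows version; Remove-Service needs PowerShell 6+
}

Get-SuspiciousService | Format-Table Name, DisplayName, Reasons, ImagePath -AutoSize
```

    Review the table before calling Remove-RogueService on anything; a missing binary alone can also mean an uninstaller left a stale entry behind.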
     
  13. macker6464

    macker6464 Private E-2

    Thanks again


    Performance Manager was stopped, but I disabled it as asked.
    Did the svhost thing.

    C:\Program Files\Common Files\fh.exe - Didn't exist
    C:\WINDOWS\system32\mmllm.ini - Deleted this
    C:\WINDOWS\system32\mmllm.ini2 - Deleted this
    C:\WINDOWS\system32\lylk.dat - Deleted this

    HJT log attached hijackthis.log :)
    ShownewFiles log attached newfiles.txt :)

    What dya think now?

    Cheers
    Macker6464
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    4. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    7. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  15. macker6464

    macker6464 Private E-2

    Thanks again for super support :)

    My PC feels a lot cleaner.

    I have taken all the steps you recommend and have worked through your tips for keeping clean.

    A superb site which I will recommend to all!

    Cheers

    Macker6464
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
