Computer freezes up

Discussion in 'Malware Help (A Specialist Will Reply)' started by jorgejetson, Nov 12, 2006.

  1. jorgejetson

    jorgejetson Private E-2

    Hello everyone. I am new here. I just found this forum today, and have learned a lot. I want to start off just by expressing my heartfelt thanks to all the people who are helping here. I have read the READ & RUN ME FIRST thread.

    My little brother has been using my computer, looking at porn, going to 'warez' sites, and downloading 'cracks' to get 'illegal' copies of registered programs, etc. I have uninstalled everything that is either not free, or that I have not paid for. I want to make my machine 'clean' and 'legal' again. I have Norton Internet Security 2006 installed. I was naive to think this would work to solve all my problems. This I paid a lot of money for, and the 2-year subscription. But it has not helped me at all! In fact I think it slows me down even more. Is this possible? Does anyone else have these problems? I think Norton is garbage and may even be a form of spyware. I have learned by reading these forums that there are much better, and free, programs available. My brother has made this problem worse by downloading so-called spyware-removal, which is in fact spyware itself! One of these rogue programs he was tricked into downloading was SpyOnThis! I knew it was a scam when it told me I had problems, and when I clicked to fix, it asked for a credit card! My brother told me he just needed my credit card, but it sounded fishy to me. Luckily, by searching on the web, I found this forum. So I want to thank you guys for saving me from wasting money on a garbage spyware program!

    Anyhow, on to my problem: If I boot my PC up with the cable modem plugged in, eventually the computer either slows to a snail's pace, or the internet stops functioning. I have realized that, only since the infection, I have found a 'workaround'. If my modem is unplugged while the PC boots up, and I later connect it, everything works fine. However, I want to be able to boot my PC up normally as before, and have the internet and broadband connection work without having to resort to this. I have read the Special Removal Procedures thread for Virtumonde, and ran the VundoFix utility. This seems to have helped a bit, but my problem persists. I have attached all the applicable log files to this and the following message. Please help me! You guys (and gals) are the best!

    I am going to stick around here, I know I am going to learn even more!!
     


  2. jorgejetson

    jorgejetson Private E-2

    other files attached
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Because you ran VundoFix, it may have changed your HJT log a bit, so I need you to run a fresh Panda online scan; once complete, attach the log with a fresh HJT log.
     
  4. jorgejetson

    jorgejetson Private E-2

    I ran Panda and HJ after Vundo, to make sure. The logs I posted should be fresh. Do you still want me to do it again?
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    With this new variant, yes, because I hate to post a fix and have it be useless because of the file changing names.

    Also, after you post your logs please do not reboot because doing so changes the filename and will make my fix useless.
     
  6. jorgejetson

    jorgejetson Private E-2

    Hey guys. For good measure, in safe mode, I repeated all of the steps in READ ME FIRST. However, upon booting back into normal mode, I found more viruses! I ran all of the programs mentioned, and Search and Destroy caught YazzleSoduku, Sexlist, Smitfraud-C, Smitfraud-C.Toolbar888, Nous-Tech.Udefender, MediaPlex. Norton caught a virus called Trojan.Busky but I think it said it could not be repaired. I am telling every single computer user I know to NEVER NEVER use Norton. Why pay all that money if it cannot be fixed? Useless program, it is. I want to ask, any EXPERTS... do any experts use or prefer Norton? Or is it only new people like me (believe me, I am learning now) who use it? Please just tell me if there is anything good *at all* about Norton.

    Before, I only had Smitfraud and Trojan.Klone.H left! Did I pick up all these because I was doing the steps in safe mode? Did I make a mistake by doing all this? I also downloaded the Smitfraud fix and followed the directions. Now in normal mode, it has turned my desktop blue and removed my previous wallpaper. Now I have done a fresh HJ and Panda and Smitfraud fix. Logs attached. PLEASE HELP ME... I am panicking, and I need this computer for work. I want this to be fixed so badly. You can't know how much I appreciate this help.
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    O2 - BHO: (no name) - {1232DA7B-9734-4A6B-899D-3EC4CB42BEA1} - C:\WINDOWS\system32\gebyv.dll
    O2 - BHO: (no name) - {388277ED-7A82-1E51-EE3C-00F7DB5E3F0A} - C:\WINDOWS\system32\sllyank.dll (file missing)
    O2 - BHO: (no name) - {3ED1F13B-BECE-41A5-971C-D13DD655851D} - C:\WINDOWS\system32\pmnlm.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {B5D1838A-6111-4CDF-9C1B-7E55C416A4CC} - C:\WINDOWS\system32\ddayw.dll (file missing)
    O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\jkkjihg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjeg.dll,startup
    O4 - HKLM\..\Run: [cctybpn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cctybpn.dll,trwsile
    O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\JOHNR~1.MCC\MYDOCU~1\RACLE~1\javaw.exe" -vt yazb
    O4 - HKCU\..\Run: [Qwfk] C:\WINDOWS\??curity\iexplore.exe

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
    O20 - Winlogon Notify: jkkjihg - C:\WINDOWS\SYSTEM32\jkkjihg.dll
    O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode, and be sure you have the viewing of hidden files & folders enabled per the tutorial. Now, navigate to and DELETE the following if it should remain:

    C:\WINDOWS\??curity <-- Search for this folder and delete when found, it will be at the bottom of the list.

    Next, run CCleaner to clean up cookies and temp files.

    Locate Pocket KillBox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” option. Copy & paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and attach a fresh HJT log.
     
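The fix above is a manual triage of a HijackThis log: orphaned BHO registrations, unnamed BHOs loading random-named DLLs from system32, rundll32 autostarts, an `iexplore.exe` living in a look-alike `??curity` folder, and the same DLL hooked as both a BHO (O2) and a Winlogon Notify package (O20), which is the Vundo pattern that kept reloading and renaming itself. The script below is an added example, not part of the thread or of HijackThis, that applies those checks automatically to HJT-style log lines. The sample log is constructed from the entries quoted in the fix plus three benign control lines; the Winlogon Notify baseline (Windows XP SP2) and the expected-parent-directory table are assumptions you should adjust for your own build. The `?` characters in the log are assumed to be HijackThis's rendering of characters it could not display; since `?` is not a legal filename character on Windows, its presence in a logged path is itself the signal.

```python
"""Triage a HijackThis-style log for the persistence patterns removed in the fix above."""
import re
from collections import defaultdict

# Constructed sample: entries quoted in the fix, plus benign controls (Adobe BHO,
# ctfmon, stock crypt32chain notify package). Not a real captured log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {1232DA7B-9734-4A6B-899D-3EC4CB42BEA1} - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: (no name) - {388277ED-7A82-1E51-EE3C-00F7DB5E3F0A} - C:\WINDOWS\system32\sllyank.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjeg.dll,startup
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\JOHNR~1.MCC\MYDOCU~1\RACLE~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Qwfk] C:\WINDOWS\??curity\iexplore.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
""".strip().splitlines()

# Assumption: stock Winlogon Notify packages on Windows XP SP2; extend for your build.
XP_NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumption: parent directory a well-known binary name is expected to run from.
EXPECTED_PARENT = {"iexplore.exe": "internet explorer", "javaw.exe": "bin"}

PATH_RE = re.compile(r'[A-Za-z]:\\[^\s",]+')          # stops at space, quote or ",export"
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<rest>.*)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<key>\S+) - (?P<rest>.*)$')


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parent(path):
    parts = path.split("\\")
    return parts[-2].lower() if len(parts) >= 2 else ""


def check_path(path, line, findings):
    """Look-alike names and well-known binaries running from the wrong place."""
    if "?" in path or not path.isascii():
        findings.append((line, "unrenderable or non-ASCII character in path (look-alike name)"))
    name = basename(path)
    if name in EXPECTED_PARENT and parent(path) != EXPECTED_PARENT[name]:
        findings.append((line, f"{name} running from unexpected directory '{parent(path)}'"))


def triage(lines):
    """Return a list of (line_or_dll, reason) findings for HJT-style log lines."""
    findings = []
    dll_sites = defaultdict(set)   # dll basename -> persistence points it is registered in
    for raw in lines:
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            if "(file missing)" in m["rest"] or "(no file)" in m["rest"]:
                findings.append((line, "orphaned BHO registration (DLL absent)"))
                continue
            for p in PATH_RE.findall(m["rest"]):
                check_path(p, line, findings)
                dll_sites[basename(p)].add("O2")
            if m["name"] == "(no name)":
                findings.append((line, "unnamed BHO loading a DLL"))
            continue
        m = RUN_RE.match(line)
        if m:
            paths = PATH_RE.findall(m["cmd"])
            for p in paths:
                check_path(p, line, findings)
                if basename(p).endswith(".dll"):
                    dll_sites[basename(p)].add("O4")
            if "rundll32" in m["cmd"].lower() and any(basename(p).endswith(".dll") for p in paths):
                findings.append((line, "rundll32 autostart loading a DLL by export name"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m["key"].lower() not in XP_NOTIFY_BASELINE:
                findings.append((line, "Winlogon Notify package not in baseline"))
            for p in PATH_RE.findall(m["rest"]):
                check_path(p, line, findings)
                dll_sites[basename(p)].add("O20")
    # The Vundo signature: one DLL hooked from several persistence points at once.
    for dll, sites in sorted(dll_sites.items()):
        if len(sites) > 1:
            findings.append((dll, f"same DLL registered in {'+'.join(sorted(sites))} (multi-hook)"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason:60s} <- {item}")
```

The multi-hook finding is the one worth acting on first: a DLL that is both a BHO and a Winlogon Notify package is loaded by winlogon.exe before any shell starts, which is why it survived in-session deletion and only a delete-on-reboot (or Safe Mode deletion, where the Notify package does not run) removed it.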
  8. jorgejetson

    jorgejetson Private E-2

    Unfortunately, I had to reboot. After I post a message, or stay online too long, I only have a certain amount of time until my computer will freeze up again. When that happens, I have no choice but to unplug it and boot it up again.

    I remember you told me not to reboot after I posted my logs, however I had no choice. Should I still do what you posted? Thanks, and I appreciate it very, very much.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yeah, proceed with this fix and we will go with your new logs once you have completed it.
     
  10. jorgejetson

    jorgejetson Private E-2

    Thanks so much, brother. OK, I am doing it right now...
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, I will check back in a bit.
     
  12. jorgejetson

    jorgejetson Private E-2

    I ran HJ and removed all the checked items except:

    O4 - HKCU\..\Run: [Qwfk] C:\WINDOWS\??curity\iexplore.exe

    I could not find that one. Then, when I tried to reboot in Safe Mode, it would not work. The desktop just went blank and I had to reboot again in normal mode. Should I continue with the steps in normal mode?
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go ahead and attach a fresh HJT log.
     
  14. jorgejetson

    jorgejetson Private E-2

    Hallelujah!!

    I think I am clean now. I just ran Panda and BitDefender and both say I am healed. I still have some questions for later though, if you are not too busy. Here is my HJT log. Thank you so much for everything.
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any current problems?
     
  16. jorgejetson

    jorgejetson Private E-2

    Hello sir. I am not having severe problems; it is about 95% better than it was before. However, I am wondering if my computer will ever be 100% normal like it was before I got the bug? I kind of think of it as if you get your new car wrecked. The body shop could do a really nice job, but the car will never be exactly how it was when new.

    I noticed I have a cookie from Tribalfusion that will never go away. I used Ad-Aware and it always finds this cookie. It does not matter what website I go to, that Tribalfusion cookie always finds its way back. There is one other one as well I think, that never used to be there before. Is there some other file on my PC that keeps making this Tribalfusion cookie and others come back?

    But like I said, this is so relatively minor compared to how my PC was before. Is this the correct forum, or where should I go to discuss technical details of the virus and spyware? I am just curious by nature and I would like to know exactly how this works. I am curious why those files for Vundo were so hard to remove, and how they always came back with a different name. I finally used that KillBox program. What I did was first run Panda and then I used KillBox to nuke the 4 files that Panda flagged. And why did Norton and others never catch this? Only Panda caught it. Is this product worth paying for? It seems to be the best one. Also, I would like to know why the PC would never work before on bootup, unless I unplugged the modem prior to bootup. Is it possible to 'break' spyware? Meaning that if you only remove some parts of it, or delete some files, the spyware will make your PC's performance even worse?

    I know I am asking a lot of questions that do not relate to fixing my PC. Is this forum just for questions on how to get the PC back up and running, or can we discuss in detail? I know this place is super busy and I don't want to detract from someone else who really needs help. I understand the situation because I was so desperate just yesterday.

    Again, thanks for everything. Can I donate to you or the site some way?
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Like I tell everybody, we can remove the majority of malware, but it's just about impossible to remove every trace of malware on a system.

    It's normal to have this cookie; every time you open a browser you will have cookies. Be sure you run CCleaner or a drive cleaner daily and you'll be fine.

    It would take all day to explain malware. It used to be very basic and simple, but today malware has completely changed and is now a lot more serious than ever before. Back in the day WORMS were the thing; now it's malware in general. Malware is defined as "malicious software"; it includes everything such as Trojans, spyware, adware, hijackers, dialers, etc.

    It's primarily for Malware Removal.

    [QUOTE]Again, thanks for everything. Can I donate to you or the site some way?[/QUOTE]
    We accepted donations for a bit but do not anymore. :\
     
  18. jorgejetson

    jorgejetson Private E-2

    Well, thanks again. I really appreciate the help. Take care.
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)
     
