Help please. My desktop has been Hijacked

Discussion in 'Malware Help (A Specialist Will Reply)' started by jamiemaccallum, Aug 18, 2006.

  1. jamiemaccallum

    jamiemaccallum Private E-2

    Hello, I am new to this, but I have tried to go through all the steps mentioned in the above threads.
    When I start Windows with a certain user, the desktop is red and requests that I buy a spyware removal program. (I haven't clicked on anything.) I was having trojans download in pairs every five mins, but McAfee seems to have stopped this.
    I have been through all your steps and some programs have been removed, and I have attached all logs to this and the next message.
    Some of the problems I had were:
    Spybot took nearly 12 hours to complete; I have this on my home computer and it takes about 10 mins.
    I could not run Windows Defender in safe mode, so I ran it in normal mode; however, it found nothing.

    I haven't run HijackThis yet, but I will if it is required.

    After completing this, things have changed: instead of a red warning background, it is now white.

    Also, although this may not be connected, I cannot print. When I click print on anything, it goes to "save as".

    Please help, as I am completely stuck.
    I will attach the Panda scan results to the next message. Many thanks.
     


  3. jamiemaccallum

    jamiemaccallum Private E-2

    Please find attached the Panda scan results.
    Many thanks
     


  4. matt.chugg

    matt.chugg MajorGeek

    Jamie: please stick to one thread; you have 2 in the malware forum now. This may have been accidental. I will wait for an admin to merge the threads and then look at your logs.
     
  5. AbbySue

    AbbySue MajorGeeks Administrator

    I must have been merging them while you were replying, Matt. :)
     
  6. matt.chugg

    matt.chugg MajorGeek

    @abbysue. Thanks

    Jamie:

    Please post a HijackThis log as per the instructions.
     
  7. jamiemaccallum

    jamiemaccallum Private E-2

    Please find attached my HijackThis log.
    Many thanks
    Jamie
     


  8. jamiemaccallum

    jamiemaccallum Private E-2

    Anybody got any ideas?
    Many thanks for looking
    Jamie
     
  9. jamiemaccallum

    jamiemaccallum Private E-2

    Also, now I can't open Add/Remove Programs.
    It just freezes.
    Many thanks
     
  10. matt.chugg

    matt.chugg MajorGeek

    << The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 5.0 Update 8, available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer before installing the latest version of Java. >>

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)



    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.


    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)



    The files that you will have to search for can be found using the Windows search: Start -> Search

    Make sure the search settings are set to search hidden files and folders and system files, as they will probably be in windows or system32.

    Make sure you have enabled viewing of Hidden Files and Folders.

    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Post a fresh HijackThis log, and fresh shownew log.
     
  11. jamiemaccallum

    jamiemaccallum Private E-2

    Hello Matt
    Thanks for the reply.
    I have done all that you said but had a few complications, as follows:

    I could not uninstall the old Java before updating as I cannot access Add/Remove Programs. I don't know if there is another way; however, I have installed the recommended update.

    I removed all you said with HijackThis.

    When in safe mode I could not find C:program Files\KillAndClean, but did find 12 zipped folders which seem to be located within Spybot. I deleted them anyway; I don't know if this was right?

    I could not find any of the .exe files, and I did make sure I was viewing hidden files.

    Also emptied the Prefetch file.

    I have attached the new HJT log and show new log.

    There doesn't seem to be any change though; my desktop is still white and I have had more trojans trying to download this morning.

    Many thanks
    Jamie
     


  12. matt.chugg

    matt.chugg MajorGeek

    Download the zip file attached to this post and extract the findfiles.bat file inside it to your desktop.

    Run findfiles.bat and attach the c:\filereport.txt file it creates in the root of c:
     


  13. jamiemaccallum

    jamiemaccallum Private E-2

    Hello Matt
    I think I have attached the right file.
    Many thanks
     


  14. matt.chugg

    matt.chugg MajorGeek

    OK the files don't seem to be in any of the usual locations.

    Reboot into safe mode and delete the following files:

     
  15. matt.chugg

    matt.chugg MajorGeek

    Please follow the steps in this thread: WareOut Removal

    Please attach the log from FixWareOut (c:\fixwareout\report.txt) and a new HJT log.
     
  16. jamiemaccallum

    jamiemaccallum Private E-2

    OK, done that.
    Still seems the same.
    I have attached the logs.
    Many thanks
    Jamie
     


  17. matt.chugg

    matt.chugg MajorGeek

    Did you delete the 2 files I posted earlier?

    c:\windows\system32\{71F2C5BD-25D8-46AC-8238-5A5AE6F802F8}.exe
    c:\windows\system32\{88889B69-636F-466D-8F93-B9A6E76960CD}.exe

    Reboot to safe mode and delete:

    Boot into normal mode.

    Right click on your desktop and select Properties
    Select the Desktop tab
    Select Customize the Desktop
    Select the Web tab
    Make sure all the entries are UNTICKED and delete them all except My Current Homepage
     
  18. jamiemaccallum

    jamiemaccallum Private E-2

    Yes, I deleted them both.
     
  19. matt.chugg

    matt.chugg MajorGeek

    Sorry, edited my post. Delete the other I listed and check your active desktop settings.
     
  20. jamiemaccallum

    jamiemaccallum Private E-2

    Hello Matt
    I have deleted the other, but when I right click on the desktop and select properties there is no option for active desktop, just a general tab that says it is an HTML document.
    Jamie
     
  21. matt.chugg

    matt.chugg MajorGeek

    Start -> Settings -> Control Panel -> Display

    Select 'Desktop' Tab

    Click 'Customize Desktop'

    Select 'Web' Tab

    Uncheck all boxes and delete all items except 'My Current HomePage'

    Click 'OK' till you close all dialogs
     
  22. jamiemaccallum

    jamiemaccallum Private E-2

    Excellent, I have my desktop back.
    Do I need to do anything else?
    Many thanks
     
  23. matt.chugg

    matt.chugg MajorGeek

    How is your computer running? Try the Spybot scan again and see if it runs any better.

    Post a fresh HJT for a last look.
     
  24. jamiemaccallum

    jamiemaccallum Private E-2

    Hello Matt
    I have run Spybot, which ran quickly this time. It only found two issues with windows security disable, which I deleted.
    I have attached a new HJT log.
    Everything seems to be fine so far.
    Many thanks for your help once again, your advice has been brilliant! :)
     


  25. matt.chugg

    matt.chugg MajorGeek

    OK, well, I think you're clean now.

    Once I have confirmed this it will be time to go back to step one and flush your restore point and create a new clean one.

    Meanwhile, have a read of this thread on How To Protect Yourself From Malware.
     
