MALWARE possibly hacked?

Discussion in 'Malware Help (A Specialist Will Reply)' started by TP_Nate, Nov 19, 2005.

  1. TP_Nate

    TP_Nate Private E-2

    This has been going on for a while now, but when I used to click on favorites or just leave my mouse alone for a while the cursor would disappear. When I would move the mouse, the cursor would pop back up. By the way, we have high-speed internet through a cable modem, so I just used to leave the modem on all the time, but about 2 months back I left the computer alone and I came back and Outlook was up by itself, then it's as if the computer crashed. I restarted and it took a long time for the computer to reboot; I had a black screen with just a blinking cursor.

    That's when I came here for help the first time. With the help of you guys I thought I got rid of the problem, but lately the internet has been really sluggish again and now I've noticed I can't even get Internet Explorer to load. I can only use my non-IE browser to get on the internet. That's why I can't run the required scans on my computer, because Internet Explorer won't come up. I think the computer may have been hacked via bit torrents. I used to use them, but then discontinued usage of it and uninstalled the program, but I think the ports on the computer are still open and therefore still pose a vulnerability for hacking. Please help, I want my computer back!!
     
  2. TP_Nate

    TP_Nate Private E-2

    Somehow or another IE worked, so I was able to do some scanning. Trojan scanner found 2 pieces of malware.

    C:\WINDOWS\Downloaded Program files\Popcaploader.dll
    C:\WINDOWS\SYSTEM32\SplWbr.dll


    Here's a fresh HJT log
     


  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean.

    Download this trial version of Ewido Security Suite


    • Install ewido security suite
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will have a window come up. One of the buttons on the left is Update. Click the Update button and then Start the Update. The update will start and a progress bar will show the updates being installed.
    • After it completes the update, click the Scanner button

    Now exit Ewido. Now print the below instructions or save them locally, because I want you to have no browsers open and also no connection to the internet (unplug your cable) while doing the below.

    Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

    Open up Ewido and do the following:



    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report



    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    Reboot into normal mode and reconnect to the internet.

    Come back here and post the Ewido Scan Report along with a fresh HJT log.
     
  4. TP_Nate

    TP_Nate Private E-2

    Ok I followed instructions as asked

    here is the report and the fresh HJT log
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log looks fine. Ewido Security Suite did find and remove a few things.

    Please download Spy Sweeper

    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post.
     
  6. TP_Nate

    TP_Nate Private E-2

    Alright I scanned using Spysweeper, however it wouldn't let me update.

    So I'm not sure why that was but here's the log of the scan
     


  7. TP_Nate

    TP_Nate Private E-2

    Once I was done with the scan I shut down my computer. Now when I started it and everything was loading, I got this message from my firewall saying that there's a new network connection and it wants to configure it. Every time I follow the steps and try to get on the internet, it won't load. This message appears every time I start the computer or reboot the computer. The only way I could get on the internet was by disabling the firewall.
     
  8. TP_Nate

    TP_Nate Private E-2

    Fixed the firewall problem. I had to uninstall Spysweeper because it was messing with the firewall. Internet seems to be running pretty smooth now, but I would still like to know how to shut down the ports that are most associated with bit torrents.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Even without being able to update Spy Sweeper, it found and removed several things.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder. Then, double-click Find-Qoologic.bat to run the tool. It should produce a log - please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and double-click rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    We can deal with blocking those ports after we make sure your system is clean of malware.
     
  11. TP_Nate

    TP_Nate Private E-2

    Alrighty, I scanned with Panda, however it seemed as if it got hung up. I was letting it scan and I looked over and it was scanning a particular file, and I came back 45 minutes later and it was on the same file. It looked like it was almost done scanning though, but I took a log file of what I got from it. I did the other requested scans, and with the QoologicFinder it ran into an MS-DOS 16-bit error. It took a log though; I'm not sure if it completely scanned or what, but I also have that. The last scan seemed to go fine and I have that as well.

    Here are the requested logs
     


  12. TP_Nate

    TP_Nate Private E-2

    Here's the last log
     


  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion… say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note that many of the files in the list below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to, and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
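The "Delete on Reboot" step above relies on a Windows mechanism that lets a locked file be removed during the next boot. The following is an added example (not from the thread and not Pocket Killbox's own code) that shows that mechanism directly and lists what is already queued, which is also where a "Pending Operations" error comes from. It assumes a modern Windows host, an elevated PowerShell session, and a constructed placeholder file path.

```powershell
# Added example (not from the thread or from Killbox): the mechanism behind
# Killbox's "Delete on Reboot". Assumes Windows and an elevated PowerShell session.
# MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT and a null destination asks the
# kernel to delete the file during the next boot, before anything can lock it again.
# The request is queued in the registry value PendingFileRenameOperations.
Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

function Remove-FileOnReboot {
    param([Parameter(Mandatory)][string]$Path)
    # A null new name combined with the delay flag schedules a delete, not a rename.
    $ok = [Win32.NativeMethods]::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed for '$Path' (Win32 error $err)"
    }
    Write-Host "Scheduled for deletion at next reboot: $Path"
}

function Get-PendingFileOperations {
    # Lists what is already queued. A stale or malformed entry here is the kind of
    # "Pending Operations" condition the thread mentions.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $val = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $val) { return @() }
    # The value is a REG_MULTI_SZ of source/destination pairs; an empty destination means delete.
    for ($i = 0; $i -lt $val.Count; $i += 2) {
        [pscustomobject]@{
            Source      = $val[$i]
            Destination = $val[$i + 1]
            Action      = $(if ($val[$i + 1]) { 'rename' } else { 'delete' })
        }
    }
}

# Constructed placeholder path; substitute the file a scanner actually reported.
Remove-FileOnReboot -Path 'C:\WINDOWS\SYSTEM32\example-suspect.dll'
Get-PendingFileOperations | Format-Table -AutoSize
```

Entries with the `\??\` prefix in the listing are normal; that is the native path form the boot-time session manager expects.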

     
  14. TP_Nate

    TP_Nate Private E-2

    Alright I completed your instructions. When I went to navigate Windows Explorer I searched for those files typing in the exact file names, but none of them were found, so can I assume that Killbox just took care of them?

    I have the completed log and that ran smooth.
     


  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, your system appears to be clean.

    To block P2P ports give PeerGuardian 2 a try.
     
  16. TP_Nate

    TP_Nate Private E-2

    Shadow you are the man!!! Thanks a million, finally got my system back and running smoothly. I really like the options with that P2P guard.

    thanks
     
