Malware- User jaye

Welcome to Major Geeks!

The free version of SUPERAntiSpyware is not a realtime blocker. You have to purchase it if you want that feature. You can read about protection in another sticky thread. See this: How to Protect yourself from malware!

As stated in the READ & RUN ME step 1, we don't recommend using CCleaner to manage startups since it uses the MSconfig registry keys which is not recommended. Also note that managing your startups is not a topic for the Malware Forum. You can discuss this in the Software Forum if you wish. You have to remember what you need or use and what I need or use are two different things. And if you ask a third person, you would have another set of requirements. You are really the one who needs to determine what you use and don't use as stated in the Dealing with Startups link given in step 1 of the READ & RUN ME. If your worry is that your PC is slow then removing startups is not where you need to start. You need to start by adding 4 times the amount of memory to your PC. Your log shows

You cannot run Windows XP properly with so little memory. You need 4 x 256 MB which is 1 GB.


Your ComboFix log shows that you have been using some form of removable media ( like a USB drive...etc ) in drive L that has been infected. This removable media can infect ALL PCs it is plugged into and you need to clean those PCs and the removable media. Your log showed this file L:\qjbyys.exe which must be deleted from all PCs and all drives.

Other than the above, you just need to do the below.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.1_07


I also recommend that you uninstall PrevxCSI since you probably have the free version and you don't have the memory to spare on this free too that will not fix any problems.


After a reboot, install the current version of Sun Java from: Sun Java Runtime Environment
Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

You're welcome.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Go to add/remove programs and uninstall HijackThis.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!