10-10-2007, 10:15 AM   #8
eXPeri3nc3
Re: pc very slow, multiple trojans/malware, hijackthis log

Hi jimmyfishcake,

Everything looks great --- your HijackThis log(s) appear to be clean. :) Please do the following:

--------------------------------------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE (let me know if you fail to find/delete any)

C:\Documents and Settings\Jon_W\Desktop\setup.exe/

Please delete C:\SDFix as well.

--------------------------------------------------------------------

Note about poker games:
You appear to be a fan of games, but I think it's important to note that often these kinds of programs are installed with other unwanted software, namely spyware or adware. If you did not install these programs yourself, or you do not use them any more, I would definitely recommend that you uninstall them from your computer, even if it is simply a precautionary measure. The amount of different poker software which arises on the internet means it is impossible to keep track of which ones are infected and which ones are not. If you do use the software, and wish to continue doing so, please ignore this. If you do decide to go ahead and remove the poker software, you should be able to uninstall them via add/remove which can be found in the control panel. Let me know if you have any problems whilst doing so.
Here are links to some poker sites regarded as safe for your reference.

* http://www.pokerstars.net/ - This is a free to use/play site.
* http://www.pokerstars.com - This is the paid for version.

--------------------------------------------------------------------

Please fix the following entries as well if you have decided to remove it:

O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)


Delete the following Files indicated in RED and Folders indicated in BLUE

C:\Program Files\PKR\
C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\
C:\Program Files\Poker.com\
C:\Program Files\PartyGaming\


--------------------------------------------------------------------

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, uninstalling Combofix will be resetting/clearing the cache in a little while.

---------------------------------------------------------------------

Start > Run - type ComboFix /u and press enter.

Combofix will auto uninstall now.

--------------------------------------------------------------------

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.
  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo Personal Firewall, Outpost, PCTools Firewall, or Kerio Personal Firewall.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.
  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.
    Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.
  • SpywareBlaster
    It helps to prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
    Tutorial: How to use!
  • SpywareGuard
    It helps to prevent spyware from installing yet catch and block spyware before it can execute. Install & update SpywareGuard with the latest definitions.
    Tutorial: How to use!
  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    This is a self-extracting .EXE file, save it to your desktop. Once downloaded, follow the tutorial listed below on how to install it.
    Tutorial: How to use!
  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!
  • Ad-Aware SE
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware SE and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!
  • AVG Anti-Spyware
    This is an excellent FREE scanner to look for trojans and other nasties that might be residing in your system.
    User Manual: How to use!
  • SUPERAntiSpyware
    This is another excellent FREE scanner to look for nasties that might be lurking in your system. SUPERAntiSpyware and AVG Anti-Spyware complement each other very well.
    Quick Guide: How to use!
  • McAfee SiteAdvisor
    An excellent SiteAdvisor to guide you through the internet websites. It helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
    Quick Guide: How it works!
Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
If You Feel That We've Helped You, Please Donate To The Forum

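`Nothing in the world is difficult for one who sets their mind to it` e X P e r i 3 n c 3 -- AleX `Jade that is not carved cannot become a useful vessel`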
"It's not because things are difficult that we dare not, it's because we dare not that things are difficult" <- Makes a huge diff
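
An added example, not part of the original post: a small Python check that parses the O4/O9 HijackThis entries listed in the post and confirms that each one points into one of the folders the post says to delete, so no autorun or IE button is left referencing a path outside the cleanup. The regular expressions cover only the two entry shapes quoted in the post, and the function names are this example's own.

```python
import ntpath
import re

# Entries and folders copied verbatim from the post.
LOG = r'''O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)'''
FOLDERS = r'''C:\Program Files\PKR\
C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\
C:\Program Files\Poker.com\
C:\Program Files\PartyGaming\
'''.splitlines()

O4 = re.compile(r'^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$')
O9 = re.compile(r"^O9 - Extra (button|'Tools' menuitem): (.+?) - "
                r"(\{[0-9A-Fa-f-]{36}\}) - (.+?)( \(HKCU\))?$")

def parse(line):
    """Return (section, name, target_path, per_user) or None if unrecognised."""
    m = O4.match(line)
    if m:
        cmd = m.group(4)
        # Quoted command: the path sits between the quotes; else take it whole.
        path = cmd.split('"')[1] if cmd.startswith('"') else cmd
        return ("O4", m.group(3), path, m.group(1) == "HKCU")
    m = O9.match(line)
    if m:
        return ("O9", m.group(2), m.group(4), m.group(5) is not None)
    return None

def _norm(p):
    # Windows paths are case-insensitive; normpath also drops the trailing "\".
    return ntpath.normcase(ntpath.normpath(p))

def audit(log, folders):
    """Pair each entry with the listed folder containing its target, or None."""
    rows = []
    for line in filter(None, map(str.strip, log.splitlines())):
        entry = parse(line)
        # Appending the separator stops C:\X from matching C:\XY\file.exe.
        hit = entry and next((f for f in folders
                              if _norm(entry[2]).startswith(_norm(f) + "\\")), None)
        rows.append((entry or line, hit))
    return rows
```

Calling `audit(LOG, FOLDERS)` returns one row per log line; a row whose second element is `None` is either an unparsed line or an entry whose target lies outside the folders being deleted.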