Author Topic: Password Stealer and other bugs  (Read 5950 times)


fridgedoc

  • Guest
Password Stealer and other bugs
« on: July 06, 2010, 12:46:04 AM »
Hello

WoW big problems password stealer, had to use clean computer to change password to allow me to log on, also I am running in safe mode, If I try to start in normal mode "Windows takes 3 or 4 minutes to load" usually takes about 30 seconds, I think there are a few problems here have attached HJT log many thanks.....Stephen

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: Password Stealer and other bugs
« Reply #1 on: July 06, 2010, 01:21:32 AM »
Check your computer for Malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
after install click update so you have latest database before scan
click the remove selected button to quarantine anything found
you may post the scan log here

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Password Stealer and other bugs
« Reply #2 on: July 06, 2010, 06:38:41 AM »
Do a hijack hunter log
http://www.novirusthanks.org/products/hijack-hunter/
and post it here
Dreams don't die, they just fall asleep.

fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #3 on: July 06, 2010, 10:29:15 AM »
Hi Pondus

Have scanned as advised "Now" showing 3 Threats, none showed on previous scans, must be due to latest updates, have attached log, many thanks.........Stephen

Offline Pondus

Re: Password Stealer and other bugs
« Reply #4 on: July 06, 2010, 11:51:43 AM »
Your log says " No action taken. " so you need to scan again and click the remove selected button to quarantine the bugs
( remember to run update first )
Then you scan again to see if MBAM comes up Clean

fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #5 on: July 06, 2010, 09:42:16 PM »
Hi
Looks like it's clear now???????

I'm going to be brave and start in normal mode.....many thanks ................Stephen

fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #6 on: July 07, 2010, 06:02:44 AM »
Hi Pondus

Well that was the wrong thing to do, Windows took ages to load, Hard drive continuous running, now back in safe mode but Avast will not load properly, ie. insecure press fix now and nothing happens, States "shield files unreachable" any further thoughts??..............many thanks ...Stephen
« Last Edit: July 07, 2010, 03:20:51 PM by fridgedoc »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Password Stealer and other bugs
« Reply #7 on: July 07, 2010, 09:18:47 PM »
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users
  • Under the Custom Scan box paste this in

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #8 on: July 08, 2010, 12:47:47 AM »
Hi Essex Boy

Have done as you asked, please find attached logs as requested, many thanks for your help.....Stephen

Offline essexboy

Re: Password Stealer and other bugs
« Reply #9 on: July 08, 2010, 09:06:01 PM »
Could you attach the main OTL log please as all you attached was the extras - which by the way suggests that chkdsk be run as you have some bad sectors on your drive

fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #10 on: July 09, 2010, 12:58:12 AM »
Sorry thought I had attached both logs

Offline essexboy

Re: Password Stealer and other bugs
« Reply #11 on: July 09, 2010, 09:10:00 PM »
Could you run this next tool from normal mode please

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #12 on: July 10, 2010, 08:44:36 AM »
Hi
Well that was fun........... would not run in normal mode waited 2hrs !!!!!!!!!

Had to run in safe mode but said "Avast" was running which was not as far as I know and to be sure I turned it "OFF" also other programs did start automatically so whether they mess up the scan or not I do not know.....fingers crossed.... I also ran chkdsk showed up lots of errors which it said it had repaired......attached combo-fix log
Thanks for all your help and patience.............Stephen

Offline essexboy

Re: Password Stealer and other bugs
« Reply #13 on: July 10, 2010, 01:53:51 PM »
On completion of this let me know what problems remain

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

To try and ease the startup try this

Download Startup Control Panel here
Install and you will find a startup icon in the control panel - run this
  • In the HKLM tab, you may disable (be careful --> "disable") all the entries except your security software
  • In the HKCU tab, you may disable all entries.
  • In the StartUp tab, you may disable all entries.
Note : if you notice that some programs no longer run, you can enable them again by running Startup Control Panel, selecting the entry and choosing Run Now.
If you are in doubt with something, don't hesitate to ask ;)

NEXT

Download and run Puran Disc Defragmenter
Run a boot defrag
fridgedoc

  • Guest
Re: Password Stealer and other bugs
« Reply #14 on: July 11, 2010, 07:09:09 PM »
Hi Essexboy

not getting too excited but it "seems" OK now............. have not used "control panel" though..keeping that in reserve!!!!

will keep running as is and keep checking.............

THANK YOU for all your help .........................and patience

regards

Stephen

ps. will keep you informed.