I own a Dell 1764 PC laptop, Core i-5 with Windows 7 Home Edition. Initially tried to put on Spybot, and that determined I had a trojan. It supposedly isolated and got rid of it. Then I had tried to upload McAfee from AOL and it told me that something was blocking it, and I assumed it was Spybot so I uninstalled Spybot and tried again. McAfee still said it could not work. Annoyed, I went to do a system restore. Tried three times (different restore point dates), same message came up, that the restore could not be done, along with something about c:\windows\assembly\temp\U. I did a quick Google and found your site and followed the directions of downloading the malware program and running a scan. It advised it found a backdoor.bot trojan and another trojan and two temp files that were infected. It asked to reboot when it was done, which I did. I followed the directions on the post about the programs to install and scan, and the logs are attached. Tried to up the firewall as it was down (I read the malware could do this) and it refuses, saying something about the connection. There’s a proxy connection issue too, and I use Firefox instead of Explorer, although there were references made somehow to IE from the posts I’ve read during my research. I know Explorer comes with the computer’s programming as it’s part of Windows, but I don’t use it, rather have Firefox as the default. So… "The configured proxy server is not responding", error code 0x8007042c, advanced security snap-in error 0x6D9. Two other numbers that came up: installing updates from Microsoft doesn’t work, error code 80072EFD. Because my firewall’s acting up, I can’t get updates installed! AUGH! Also, does it matter if I have my computer on HOME network versus PUBLIC? I am soooo not an IT expert. WTH does this all mean and how can I get my firewall up, still protect me, and get my proper updates? And stop the ‘slowdown’ of going from page to page or simply clicking on a program? My comp’s not even a year old.
Can someone explain if I did this right, and if there’s anything else I am overlooking as far as getting my computer disinfected? I don’t go to unknown sites and download at sites that are ‘trusted’. So I’m not sure what is going on. HELP!
essexboy will check your logs when he arrives…
he is usually here around 08:00pm - 11:59pm UK time…
meaning, check back in 18 hours
Hi there, let's start clearing this up, shall we?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-2801523377-921451408-823652834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2801523377-921451408-823652834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56222
O3 - HKU\S-1-5-21-2801523377-921451408-823652834-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-2801523377-921451408-823652834-1000..\Run: [conhost] C:\Users\ressydm\AppData\Roaming\Microsoft\conhost.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
[2011/07/30 12:27:21 | 000,009,524 | -HS- | C] () -- C:\Users\ressydm\AppData\Local\8w1q6yk7g38oh2v5al00mcc5270
[2011/07/30 12:27:21 | 000,009,524 | -HS- | C] () -- C:\ProgramData\8w1q6yk7g38oh2v5al00mcc5270
[2011/07/30 12:27:20 | 000,000,000 | ---- | C] () -- C:\Users\ressydm\AppData\Local\tcnt.exe
[2011/07/06 18:35:02 | 000,000,248 | ---- | C] () -- C:\ProgramData\~38264568
[2011/07/06 18:35:02 | 000,000,176 | ---- | C] () -- C:\ProgramData\~38264568r
[2011/07/06 18:33:53 | 000,000,392 | ---- | C] () -- C:\ProgramData\38264568
[2011/05/31 22:52:34 | 000,009,336 | -HS- | C] () -- C:\Users\ressydm\AppData\Local\060a0lgv5xri3o0
[2011/05/31 22:52:34 | 000,009,336 | -HS- | C] () -- C:\ProgramData\060a0lgv5xri3o0
[2011/04/29 17:46:01 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2011/04/29 17:46:01 | 000,019,279 | ---- | C] () -- C:\Windows\unins000.dat
[2011/04/24 23:02:56 | 000,000,136 | ---- | C] () -- C:\ProgramData\~45014792r
[2011/04/24 23:02:56 | 000,000,120 | ---- | C] () -- C:\ProgramData\~45014792
[2011/04/24 23:02:36 | 000,000,336 | ---- | C] () -- C:\ProgramData\45014792
[2011/04/17 16:31:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~43507464r
[2011/04/17 16:31:49 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43507464
[2011/04/17 16:31:43 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43507464
[2011/03/04 11:43:01 | 000,010,340 | -HS- | C] () -- C:\Users\ressydm\AppData\Local\2809086545
[2011/03/04 11:43:01 | 000,010,340 | -HS- | C] () -- C:\ProgramData\2809086545
:Files
ipconfig /flushdns /c
C:\Windows\tasks\At*.job
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
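An added triage script, not part of essexboy's fix and not OTL's own code, that scans OTL-style log lines for the three indicator classes the fix above removes: a browser proxy pointed at the loopback adapter, an autorun entry whose target file no longer exists, and Hidden+System files dropped into ProgramData or AppData\Local. The indicator lines in the sample are copied from the fix; the IgfxTray entry is a constructed benign control.

```python
import re

# Constructed sample of OTL log lines in the format used by the fix above
# (indicator lines copied from the post; the IgfxTray line is a made-up benign entry).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-2801523377-921451408-823652834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2801523377-921451408-823652834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56222
O4 - HKU\S-1-5-21-2801523377-921451408-823652834-1000..\Run: [conhost] C:\Users\ressydm\AppData\Roaming\Microsoft\conhost.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
[2011/07/30 12:27:21 | 000,009,524 | -HS- | C] () -- C:\ProgramData\8w1q6yk7g38oh2v5al00mcc5270
[2011/04/29 17:46:01 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
"""

# "ProxyServer" = http=127.0.0.1:56222  -> host and port (scheme prefix optional)
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)')
# O4 - <hive>..\Run: [name] <path>[ File not found]
RUN_RE = re.compile(r'^O4 - .*\\Run: \[([^\]]+)\] (.+?)( File not found)?$')
# [date time | size | attrs | C] () -- <path>
FILE_RE = re.compile(r'^\[[\d/]+ [\d:]+ \| [\d,]+ \| ([-A-Z]{4}) \| [A-Z]\] \(\) -- (.+)$')
DATA_DIRS = ('c:\\programdata\\', '\\appdata\\local\\')


def triage(log_text):
    """Return (rule, detail) findings for the indicator classes the fix targets."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.search(line)
        if m:
            host, port = m.group(1), int(m.group(2))
            # A proxy on the loopback adapter means a local process is
            # intercepting browser traffic: the hijack the fix removes.
            if host in ("127.0.0.1", "localhost"):
                findings.append(("loopback-proxy", f"{host}:{port}"))
            continue
        m = RUN_RE.match(line)
        if m and m.group(3):
            # Autorun pointing at a deleted file: leftover persistence.
            findings.append(("orphan-autorun", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            # Hidden+System files in user/program data dirs with random names
            # are the dropped components the fix deletes.
            if "H" in attrs and "S" in attrs and any(d in path.lower() for d in DATA_DIRS):
                findings.append(("hidden-system-drop", path))
    return findings
```

Lines that match none of the three patterns (ProxyEnable, a Run entry whose file exists, non-hidden files) are left out of the findings so the output is only what needs attention.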