8 Steps Complete, Logs Attached

Status
Not open for further replies.
Sure, Bobbye, that was in my first post and must have gotten lost along the way. The trouble was on my husband's pc and was a multiple infestation of virus/trojan and worm infections. I was able to kill the original win.netsky.32 worm infection but was left with that AVG virus that took over with all the pop-ups trying to 'sell' anti-virus products, etc. I worked on that with MS techs and HP techs to no avail, then was finally able to do a System Restore on my own and squelch that. However, it obviously left some stealth virus or trojans at work, blocking any attempt to connect to the internet and also blocking any attempt to open or install an anti-virus program.

By doing some rigorous scanning, using the products you recommended, I was finally able to overcome that. I couldn't install the Avira antivirus as the first step, but I was able to do so, after I went through the steps 2-6. Once I installed Avira as Step 1, I repeated all the steps again, to be safe, then attached the logs to this submission.

The added problem I had with the System Restore, was that some of my drivers disappeared, including my Ethernet driver. I have been unable to restore that or find the appropriate driver to reinstall. As a temporary fix, I added a USB Wireless adapter, just so we could get to our network and connect to the internet. I am hoping to be able to eventually resolve the Ethernet driver issue, too.
I understand, though, that the driver issue probably does not fall into this forum.

Thanks for your patience and your help~

Tricia
 
EDIT: Hold on this while I review your reply. You were posting while I was reviewing. I will come back in a bit.


You have two antivirus programs running. You need to remove one of them:
Avira
Symantec

Removal Tools: Since Symantec/Norton is a paid product, if it is current, you might want to remove Avira if you have the free version. Just use the instructions for the program you want to uninstall:
  • Norton Removal Tool
To uninstall Avira:
  • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
  • Wait for the list of installed programs to load, then click the name of the Avira program.
  • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
  • Press Yes, to confirm the removal and then OK.
  • Click Next until Finish. The software is removed.

Please reopen HijackThis to 'do system scan only.' Check all of the following if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser


Close all Windows except HijackThis and click on "Fix Checked"

Take the following programs off of Startup: Global Startup means that the program will start on boot for everyone who logs on.
Click on Start> Run> type in msconfig> enter> Selective startup> Startup tab> Uncheck:
The following 2 entries are for a USB adapter. Unless you have to boot from the USB every time, it does not need to be on startup.
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
A tip: NONE of the HP Digital Imaging processes need to start on boot:
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe

When you finish> Apply> OK
Note: The first time you restart after making these changes, you will get a nag message. You can ignore it and close after checking 'don't show this message again.' Stay in Selective Startup.

Advise me of the problems, rescan with HijackThis and leave a new log.
 
Re: after 8 steps, HJT, & msconfig, HJT

Hi Bobbye,
I made the changes via HJT and then msconfig, as you advised, with the following exceptions. I left the two USB items in the msconfig, because they relate to my current (temporary) internet connection. Leaving them in just makes it easier and quicker. After the changes and a reboot, I was unable to connect to internet at all, so I decided to try adding one or another of the items back, one at a time. I added the sonic cine player and, for whatever reason, after another reboot, I was able to connect again. I will try, once more to remove it, if you think it necessary....otherwise, my theory is, 'if it ain't broke....'
I do appreciate your expertise and help with all this. Please let me know what steps follow, after you check the attached log.

Thanks,
Tricia
 

Attachments

  • hijackthis 21410 b.txt
    5 KB · Views: 1
So we didn't connect and you did everything I had in Post #4?

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Double click on the setup file on the desktop to run
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • Query- Recovery Console image
    RcAuto1.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Follow with online AV scan:
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
I don't think the Cine entry removal broke the internet connection - it was a tray icon for quick launch of DVD player. It was more likely the reboot that reestablished the connection.

Your HijackThis log still looks like it isn't showing all the entries. You have no Active X entries - a section numbered as O16. Java is in there, flash player, Windows Genuine Validation and others. I'll know more after I see the report from Combofix and the Eset log. Please attach them to your next reply.
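
The log review described in the post above (which HijackThis sections are present, and that O16 is absent) can be scripted. This is an added example, not part of the original thread or of HijackThis; the sample log is constructed from entries quoted earlier in the thread, and the function names and the list of expected sections are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format; the R0/R1/O4 entries are
# copied from the thread, the first two lines are constructed filler.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# An entry line is "<section code> - <body>", e.g. "R1 - ..." or "O16 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 shortcut entries as they appear in the thread: "Global Startup: <name> = <target>".
GLOBAL_STARTUP = re.compile(r"^Global Startup: (.+?) = (.+)$")

def parse_hjt(text):
    """Group entry bodies by section code; non-entry lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def missing_sections(parsed, expected):
    """Return the expected section codes that have no entries in the log."""
    return [code for code in expected if code not in parsed]

def global_startup(parsed):
    """Return (shortcut name, target path) for each O4 Global Startup entry."""
    items = []
    for body in parsed.get("O4", []):
        m = GLOBAL_STARTUP.match(body)
        if m:
            items.append((m.group(1), m.group(2)))
    return items

if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    # Assumed expectation: a machine with Java and Flash installed should show O16.
    print("missing:", missing_sections(log, ("R0", "R1", "O4", "O16")))
    for name, target in global_startup(log):
        print("startup:", name, "->", target)
```

A missing section only tells the reviewer where to look next; here it is what prompted the request for the ComboFix and Eset logs.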
 
Re: Can't install Anti-Virus/8 steps

Thanks, Bobbye, apparently we were posting simultaneously. I did see your post 4 and follow through with the steps, except as noted. After that, the network connection failed on the next reboot, anyway, so I am unable to connect on that computer.

I will try to download the ComboFix to my USB and upload it to the PC that way. If that works, I will follow all the steps you have outlined. If that is not possible, I'll be back here asking for other directions in a few minutes.

Thanks, again,

Patricia
 
Re: Can't install Anti-Virus/8 steps/Combo-Fix

Back again, Bobbye,

I was able to download Combo-Fix to USB and transfer and run on the infected/affected pc, and I have attached the log from that scan here.

Now, I am at a loss as to how to run Eset on a computer that won't connect. While I could download the initial file to USB, it won't run on the other pc without first attempting to connect for updates, etc., and it stalls there.

What should I do now?

BTW, the loss of internet connection seems to be only since we did the msconfig changes. When I have the system look for wireless networks, it does see them, it just fails to connect.

Thanks,

Patricia
 
8 steps complete/ combo-fix and eset logs attached

Bobbye,
In order to run Eset, I had to revert to Normal Start Up, rather than Selective Start Up. There was no way I could connect to the internet, or use Eset, while in Selective Start Up.

I ran both Combo-Fix and Eset and both Logs are attached here. I'll be waiting to hear what to do next.

Thanks again for your help.

Tricia
 

Attachments

  • log.txt
    1.1 KB · Views: 1
  • Combo-Fix log 2-15-10.txt
    17.9 KB · Views: 1
Tricia, it sounds like something got unchecked using the msconfig utility. I put all my computers on Selective Startup the second day I have them. They stay that way for the years I use them. It's not the Selective Startup process> it's what is being unchecked.

I think I found the problem. You're running Network Magic (Pure Networks). There are 2 processes that need to be checked on the Startup menu:
nmapp
nmctxth

Check these also:
WSIMD wsimd.sys: This is the Wireless miniport process.
WN111V2.exe This is NETGEAR WN111v2 Smart Wizard

These should allow you to connect after making changes, staying in Selective Startup.

The Eset log shows the files cleaned. Did you have Eset clean them?
 
Re:eset and combofix logs

Bobbye,
I checked the Startup processes in msconfig, and I do not find either of these two:

nmapp
nmctxth

I suppose that may have something to do with my Network Magic not working and I'm guessing that I will have to do an uninstall and reinstall of that, eventually.

When I could not connect this pc to internet, due to missing Ethernet driver, and could not get help with driver from either HP or MS, I decided to use USB wireless adapter as temp measure, until I get the virus problems dealt with, and then go after the driver later. That is why I have these two:

WSIMD wsimd.sys: This is the Wireless miniport process.
WN111V2.exe This is NETGEAR WN111v2 Smart Wizard

Even so, I could not connect from Selective Startup and I can connect in Normal Startup. Perhaps it has something to do with Network Magic, or other missing files?

When I attempted to connect to eSet, I had made several attempts to connect, unsuccessfully...it is possible that, by the time I did connect, I forgot to uncheck the box that says, "Remove found Threats." In that case, I probably let eSet clean the machine, I can only hope it wasn't a fatal airhead mistake.

I will wait further instructions. I hope I haven't strained your patience beyond limits.

Thanks, again,

Tricia
 
Hi Bobbye,
I've just reinstalled Network Magic, also uninstalled the USB wireless adapter, and the pc is connecting to the network and the internet just fine! I still have to go hunt for a couple more drivers to reinstall, according to Device Manager...(Intel Pro/100 VE Network Connection and Multimedia Audio Controller) I think I can go back to HP and either find them there or get pointed in the right direction.

Is there anything else I need to do as far as the Virus/Malware situation goes? Other than make sure the firewalls and anti-virus programs are running, and schedule frequent scans-- oh, and caution my husband about downloads, etc.?

Thanks, again, for all your help, I'll watch for further instructions.

Tricia
 
Ah so that was it! Good.

I'd like to see one more Eset scan and HijackThis log when you get everything installed - just to make sure we didn't miss anything. Take your time - run them when you can and leave the logs. If they're clean, I'll have you remove the cleaning tools.

You might want to consider Selective Startup now that you've identified the problem.
 