Abebot, trojans, need help

Discussion in 'Virus and Malware Removal' started by wannabee, Apr 2, 2008.

  1. wannabee Newcomer, in training Posts: 30

    Sunday scans

    Attached


    Malwarebytes log (16 infections found and removed...scanned again and nothing found)

    HJT log post malwarebytes scan

    Still not finding "nttv.exe" in searching c drive and not able to "fix" that entry in hijack this

    Desktop ini file that showed up on my desktop sometime during the malware scan. Not sure if I can just dump it, at this point, I don't want to risk pushing us backwards without checking with you.

    I know that you like to hear how computer is performing during this process...just thought I'd let you know that for the first time I am encountering ZoneAlarm popups stating that windows32... is trying to obtain server access. This error never happened before...must be from clearing out the trusted sites? I take it as a good sign that I am allowed to block them.

    As I type this....ZoneAlarm just let me know that it protected me from local network access against my computer. I'll just keep blocking first, until I know I can trust it.
  2. kritius TechSpot Guru Posts: 2,087

    I'll have to look into this one; I'll get back to you soon.
  3. wannabee Newcomer, in training Posts: 30

    Thanks again...good luck
  4. wannabee Newcomer, in training Posts: 30

    Is it a bad sign that we haven't touched base in a couple days? (kidding)

    We're a little slow here this morning, took a while when I tried to start it up, and when I moved to hotmail to check for new post alerts, I noticed a security warning telling me I was about to leave a secure connection. Brain is sleepy, so I could be wrong but I don't remember seeing that on other systems when I check my "junk" account.

    Just keeping you in the loop, take your time, I have tons of free time to tinker this week. (sigh)
  5. kritius TechSpot Guru Posts: 2,087

    Sorry about that, it's been pretty busy here and in work. I just need to check some things out and I should hopefully reply tonight.
  6. wannabee Newcomer, in training Posts: 30

    Just doing the daily check to see if you've been back to this board. It's been a week since I've run any kind of scan or fix on this thing, and this morning I thought I heard it let out a belly laugh as it booted. Little does it know, if it comes right down to it, I'll win however I have to! Hope you're doing well and not drowning in too many issues out there!
     
  7. kritius TechSpot Guru Posts: 2,087

    Run a fresh HJT scan for me. Sorry about the lack of response.
  8. wannabee Newcomer, in training Posts: 30

    fresh scan

    No worries, believe me I understand hectic!!

    Fresh scan attached. Still can't get rid of that pesky nttv entry
  9. kritius TechSpot Guru Posts: 2,087

    Hmmm,

    Ok then, let's dig a little deeper.

    Download and Run DSS

    Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized.
    • Attach the main.txt and the extra.txt in your reply.
  10. wannabee Newcomer, in training Posts: 30

    deckard

    Cheers! Good luck!
  11. kritius TechSpot Guru Posts: 2,087

    Go to add/remove programs and remove,
    Viewpoint Media Player
    ZoneAlarm Spy Blocker


    Since recently, ZoneAlarm decided to include a "ZoneAlarm Spy Blocker toolbar" as well, which is optional during install.

    However, this Toolbar now uses the AskJeeves/Ask.com search engine.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Documents and Settings\All Users\Application Data\Symantec
      C:\Documents and Settings\Christine\Application Data\Symantec
      C:\Documents and Settings\All Users\Symantec Temporary Files
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XcKh$vùõš/‚²ÆßfÏNC:
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XcKh$vùõš/‚²ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe\\C:\WINDOWS\kcuwqyho.exe
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XcKhBenU\\C:\WINDOWS\kcuwqyho.exe
          
    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  12. wannabee Newcomer, in training Posts: 30

    File was 5k characters too long to post....see attached notepad file.
  13. kritius TechSpot Guru Posts: 2,087

    Can you run HJT again?
  14. wannabee Newcomer, in training Posts: 30

    My bad...I could have sworn I attached a new HJT scan...here ya go.
  15. wannabee Newcomer, in training Posts: 30

    Just a quick one....since removing viewpoint media manager I am getting bothered by popups asking me if I'd like to install adobe flash player....are these connected? I keep saying no, but even techspot wants to install flash on every visit...
  16. kritius TechSpot Guru Posts: 2,087

    Don't think that they're related but it should be ok to go ahead and install it. Looking over the HJT log now.
  17. kritius TechSpot Guru Posts: 2,087

    I would like you to do an online scan so that we can see what else may be in your system,
    Run Kaspersky online scanner
    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
    Do not go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
      o Extended (If available, otherwise use standard)
      o Scan Options:
      o Scan Archives
      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)

      [IMG]
    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)

      [IMG]
    • Include the report in your next post.
  18. wannabee Newcomer, in training Posts: 30

    Kaspersky scan

    attached kap0418 scan
  19. kritius TechSpot Guru Posts: 2,087

    That's pretty much clean, how is the computer running at the minute?
  20. wannabee Newcomer, in training Posts: 30

    Good to hear, I got nervous when I saw infected files and a couple viruses listed in the summary.....those just random items?

    Computer is running better than my laptop at this point...