Inactive Need help with malware and HJT results

Status
Not open for further replies.

MysticBlueRaven

I need some help with my husband's laptop. I ran HJT and this is what the results are.
Not sure what to do next.

[HJT log removed - Broni]

I also ran Malwarebytes' Anti-Malware



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6420

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/22/2011 2:06:57 PM
mbam-log-2011-04-22 (14-06-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 228873
Time elapsed: 50 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} (Adware.Need2Find) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\WRC\Desktop\televisionfanatic(2).exe (Adware.FunWeb) -> No action taken.
c:\documents and settings\WRC\Desktop\televisionfanatic.exe (Adware.FunWeb) -> No action taken.
c:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
c:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.



Thank you very much for all your help
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Your MBAM log shows "No action taken" after each line.
Re-run it, FIX all issues and post new log.
 
I forgot to add the following information: I ran my anti-virus program, Norton Security Suite, and nothing showed up, and it is up to date. I also ran Spybot Search and Destroy and nothing showed up. Will post more after I do what the link asks me to do. Thank you very much for your help.
 
I have done everything in the 8-step removal, except the last one. I ran into a problem. Explorer keeps closing on me and his computer freezes when I try to save text in another log. I will post more when I figure out what is going on.
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6441

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/25/2011 10:51:24 AM
mbam-log-2011-04-25 (10-51-24).txt

Scan type: Quick scan
Objects scanned: 154031
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} (Adware.Need2Find) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\WRC\Desktop\televisionfanatic(2).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\WRC\Desktop\televisionfanatic.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
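
Added example, not part of the original thread: a small Python check that compares two Malwarebytes 1.x text logs and lists detections from the first scan that have no recorded removal in the second, which is the "No action taken" problem pointed out above. The function names and the sample logs are constructed for illustration.

```python
import re

# MBAM 1.x text-log shapes, as in the logs posted in this thread:
#   "Files Infected:"                   section header (summary counts end in a number)
#   "<object> (<threat>) -> <action>."  one detection per line
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
DETECTION = re.compile(r"^(?P<obj>.+) \((?P<threat>[\w.\-]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam(text):
    """Return [{section, obj, threat, action}, ...] for every detection line."""
    section, found = None, []
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif section and (m := DETECTION.match(line)):
            found.append({"section": section, **m.groupdict()})
    return found

def unconfirmed(before_log, after_log):
    """Objects flagged in the first scan with no recorded removal in the second."""
    after = {d["obj"].lower(): d["action"] for d in parse_mbam(after_log)}
    result = []
    for d in parse_mbam(before_log):
        action = after.get(d["obj"].lower())  # Windows paths: compare case-insensitively
        if action is None:
            result.append((d["obj"], "not in second log"))
        elif action.lower().startswith("no action"):
            result.append((d["obj"], action))
    return result

# Constructed sample logs (hypothetical paths and threat names, abridged format).
BEFORE = """Files Infected: 2
Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Example\\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> No action taken.
Files Infected:
c:\\temp\\sample(2).exe (Adware.Example) -> No action taken.
c:\\temp\\sample.fon (Trojan.Example) -> No action taken.
"""
AFTER = """Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Example\\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> Quarantined and deleted successfully.
Files Infected:
c:\\temp\\sample(2).exe (Adware.Example) -> Quarantined and deleted successfully.
c:\\temp\\sample.fon (Trojan.Example) -> No action taken.
"""

if __name__ == "__main__":
    for obj, why in unconfirmed(BEFORE, AFTER):
        print(f"{obj}: {why}")
```

An object reported as "not in second log" may simply have been outside the second scan's scope (for example a Quick scan following a Full scan), so treat it as something to re-check rather than as proof it is still present.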
 
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-25 12:58:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O
Running: 7wd47w9g.exe; Driver: C:\DOCUME~1\WRC\LOCALS~1\Temp\fxdyapog.sys


---- System - GMER 1.0.15 ----

SSDT 89889960 ZwAlertResumeThread
SSDT 89889A40 ZwAlertThread
SSDT 898E2A10 ZwAllocateVirtualMemory
SSDT 89A42348 ZwAssignProcessToJobObject
SSDT 89C5F348 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9BD10210]
SSDT 8963B1A0 ZwCreateMutant
SSDT 8967C140 ZwCreateSymbolicLinkObject
SSDT 89BC3AE8 ZwCreateThread
SSDT 89661070 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9BD10490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9BD109F0]
SSDT 89873450 ZwDuplicateObject
SSDT 895FE160 ZwFreeVirtualMemory
SSDT 896710D0 ZwImpersonateAnonymousToken
SSDT 896711B0 ZwImpersonateThread
SSDT 89B64110 ZwLoadDriver
SSDT 89BBF888 ZwMapViewOfSection
SSDT 8963B0C0 ZwOpenEvent
SSDT 898EF738 ZwOpenProcess
SSDT 89873390 ZwOpenProcessToken
SSDT 8962F0D0 ZwOpenSection
SSDT 898EF648 ZwOpenThread
SSDT 89A42258 ZwProtectVirtualMemory
SSDT 898853C8 ZwResumeThread
SSDT 8964E3E0 ZwSetContextThread
SSDT 8961E0C0 ZwSetInformationProcess
SSDT 89661150 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9BD10C40]
SSDT 8962F1B0 ZwSuspendProcess
SSDT 898854A8 ZwSuspendThread
SSDT 898B1948 ZwTerminateProcess
SSDT 8964E300 ZwTerminateThread
SSDT 8961E1B0 ZwUnmapViewOfSection
SSDT 898E2920 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? knyassna.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9A782D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 