Solved Virus/Spyware/Malware Problem

Status
Not open for further replies.
Print this post out, since you won't have access to it at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)



4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe


5. Click on the Fix checked button.

6. Restart computer.

7. Post new HijackThis log.
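
The entries in steps 3 and 4 follow a fixed line format. As an added example (not part of the original post and not HijackThis code), this Python script parses O2/O3/O4 lines and flags the ones the log itself marks as having no file behind them. The function names and regular expressions are assumptions inferred from the lines shown on this page.

```python
import re

# Constructed sample: entries copied from steps 3 and 4 of the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Patterns inferred from the lines on this page, not taken from HijackThis itself.
CLSID_ENTRY = re.compile(r"^(O2|O3) - (BHO|Toolbar): .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_ENTRY = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[([^\]]+)\] (.+)$")
STARTUP_ENTRY = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")


def parse_line(line):
    """Return a dict for one O2/O3/O4 line, or None if it is not recognised."""
    line = line.strip()
    m = CLSID_ENTRY.match(line)
    if m:
        section, kind, clsid, target = m.groups()
        # The log marks BHO/toolbar entries whose DLL is absent from disk.
        flag = next((f for f in ("file missing", "no file") if target.endswith(f"({f})")), "")
        return {"section": section, "kind": kind, "name": clsid, "target": target, "flag": flag}
    m = RUN_ENTRY.match(line)
    if m:
        key, name, command = m.groups()
        return {"section": "O4", "kind": key, "name": name, "target": command, "flag": ""}
    m = STARTUP_ENTRY.match(line)
    if m:
        folder, name, target = m.groups()
        # "?" is what the log shows when no shortcut target is listed.
        flag = "target unresolved" if target == "?" else ""
        return {"section": "O4", "kind": folder, "name": name, "target": target, "flag": flag}
    return None


def triage(log_text):
    """Parse every recognised line and return (entries, flagged_entries)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return entries, [e for e in entries if e["flag"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG)[1]:
        print(entry["section"], entry["name"], "->", entry["flag"])
```

A flag only reports what the log line says about the file; whether an unflagged startup entry is wanted is still a judgement call, as in step 4.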
 
Latest Hijack This Log

Thanks - here is the updated post-removal Hijack This log
 

Attachments: hijackthis_4_27.txt (7.2 KB)

Your computer is clean

1. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista and 7:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side.
   4. Click on Continue on the "User Account Control" window that pops up.
   5. Under the System Protection tab, find Available Disks.
   6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK.

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please let me know how your computer is doing.
 
Update

I ran these following steps and read the topic regarding infections - was feeling quite ill myself (not as infected as the computer was, I don't think!) the past couple of days, so haven't really been on it much - it certainly seems to be functioning normally at the moment, will certainly update you later once I have had the opportunity to spend more time working on it.

Regarding the suggested steps for avoiding infection, I had wanted to ask about the programs we utilized to clean up the computer, and whether or not it was OK to keep them on the computer or if they should be removed - it sounded from the article as if the Malwarebytes program as an anti-spyware tool can be used in addition to/as a supplement tool to the existing anti-virus program - is that accurate? HijackThis is the other I noticed still present - should I remove it or leave it on as well?

Also, I was curious if AVG was considered an adequate anti-virus program. I presume (though obviously don't know) that my problem originated with McAfee not updating properly and not being fully operational. Along with my ensuing difficulties removing McAfee from the system, that left a lot of time where the computer was not protected. I chose AVG on one person's recommendation - I was just desperate to get something functional on there. I guess I was wondering if AVG should have done a better job catching/removing issues from the computer, or if that's just not feasible if they were pre-existing issues.

Thank you so, so much for your time and effort. I can't imagine the time (and money and aggravation) you must have saved me - it's amazing what you guys do here!
 
You're very welcome :)
AVG is a very good program, much better than McAfee.
You should also keep Malwarebytes and run occasional scans (remember to always update it first).
I also suggest you run TFC weekly.

Good luck and stay safe :)
 