Laptop infected with virus. Followed instructions from board and logs are attached.

I recently noticed the following message upon booting up my Dell Laptop:

Windows Update (6300-NGSRP-TMR521A-SMG-542PH-3180) . Check system setting or upgrade system.Maybe your system not full patch .System still safe. PATCH CODE : AS3-CTRKEA-SR.

I also noticed some sluggishness as well as seeing an occasional "Indian Smile" pop-up come onto my screen with the picture of a young Indian girl. Additionally, and maybe it's just paranoia, but my computer seems to be running hotter as well.

After some searching, I found this website and the 8-step instructions for removing malware. I ran through the process and am attaching the requested logs. Please help.

Thanks so much.
 
You are infected. I recommend caution. Wait for a trained volunteer. Other logs may show that the major threat has been removed and the residual effects are easily handled.

See message #3 in this thread https://www.techspot.com/vb/topic103483.html

Big Caution - My source for threats "wiggled" about these HJT findings.
Resource site: http://www.runscanner.net/

However, message #3 indicates system files (svchost) are infected.
[edit] AVG detected much of this. Not known if all registry changes were made. [/edit]

Please be aware that when these F2 entries are fixed HijackThis does not delete the file associated with it. You must manually delete these files. However, it is NOT clear how to recover system files that are infected. See quote above.

Having HJT fix the entries but not deleting the files may be a safe choice. Downside is re-infection.

Code:
F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,scvhost.exe
[edit] stsystra.exe is a legitimate O4 entry. [/edit]

Here is info showing linkages to this IP, and it raises my suspicions.
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9532FA3-D721-4CCF-AE12-514756EB07C1}: NameServer = 10.10.10.3 10.10.10.5
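As an added example, not part of the original thread or of HijackThis itself, here is a small Python triage script for the F2 and O17 lines quoted above. It encodes what a clean Windows XP Winlogon configuration looks like (Shell is exactly explorer.exe; Userinit is exactly userinit.exe under system32, with nothing after the comma), reports every additional program those two values would launch at logon, and notes when the extra file's name is one edit away from a real Windows binary, as scvhost.exe is from svchost.exe. The O17 check lists each forced NameServer that is not in an allow-list you supply. The sample log text is constructed from the lines in the post, and the allow-list of known resolvers is an assumed input.

```python
"""Triage HijackThis F2 (Winlogon Shell/Userinit) and O17 (NameServer) lines.

Added example, not part of the original post or of HijackThis. The sample
log below is constructed from the lines quoted in the thread; the set of
known DNS resolvers passed to triage() is an assumed input.
"""
import ipaddress
import re
from typing import List, Optional, Set

# Constructed sample input: the two F2 lines and the O17 line as posted.
SAMPLE_HJT_LOG = """\
F2 - REG:system.ini: Shell=explorer.exe, scvhost.exe
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\Userinit.exe,scvhost.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B9532FA3-D721-4CCF-AE12-514756EB07C1}: NameServer = 10.10.10.3 10.10.10.5
"""

# Clean Winlogon values on XP: Shell is exactly explorer.exe and Userinit is
# exactly one program, userinit.exe in the system32 directory.
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = "userinit.exe"

# Real Windows binaries that malware commonly mimics by a small spelling change.
LEGIT_NAMES = {"svchost.exe", "explorer.exe", "userinit.exe", "lsass.exe",
               "csrss.exe", "winlogon.exe", "services.exe", "spoolsv.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O17_RE = re.compile(r"^O17 - .*NameServer = (.*)$", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance that also counts an adjacent-character swap as one
    edit, so 'scvhost.exe' is distance 1 from 'svchost.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path (or bare name)."""
    return path.replace("/", "\\").split("\\")[-1].strip().lower()


def lookalike(name: str) -> Optional[str]:
    """Return the legitimate binary this name mimics, or None if it is either
    a legitimate name itself or not close to one."""
    name = name.lower()
    if name in LEGIT_NAMES:
        return None
    for legit in sorted(LEGIT_NAMES):
        if edit_distance(name, legit) <= 2:
            return legit
    return None


def check_f2(key: str, value: str) -> List[str]:
    """Flag anything in Shell= / UserInit= beyond the single expected program."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    expected = EXPECTED_SHELL if key.lower() == "shell" else EXPECTED_USERINIT
    findings: List[str] = []
    if not entries or basename(entries[0]) != expected:
        first = entries[0] if entries else "<empty>"
        findings.append(f"F2 {key}: first entry {first!r} is not {expected}")
    elif key.lower() == "userinit" and "\\" in entries[0]:
        directory = entries[0].lower().rsplit("\\", 1)[0]
        if not directory.endswith("system32"):
            findings.append(f"F2 {key}: userinit.exe loaded from {directory!r}, not system32")
    for extra in entries[1:]:
        msg = f"F2 {key}: extra program {extra!r} launched at logon"
        twin = lookalike(basename(extra))
        if twin:
            msg += f" (name mimics {twin})"
        findings.append(msg)
    return findings


def check_o17(value: str, known_resolvers: Set[str]) -> List[str]:
    """Report each forced DNS server that is not in the caller's allow-list."""
    findings: List[str] = []
    for server in value.split():
        if server in known_resolvers:
            continue
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append(f"O17: unparseable NameServer {server!r}")
            continue
        scope = "private/LAN" if ip.is_private else "public"
        findings.append(f"O17: DNS forced to {server} ({scope}), not in your known resolvers")
    return findings


def triage(log_text: str, known_resolvers: Set[str] = frozenset()) -> List[str]:
    """Run the F2 and O17 checks over raw HijackThis log text."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            findings.extend(check_f2(m.group(1), m.group(2)))
            continue
        m = O17_RE.match(line)
        if m:
            findings.extend(check_o17(m.group(1), known_resolvers))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT_LOG):
        print(finding)
```

Run against the posted lines it reports scvhost.exe twice (Shell and UserInit, each tagged as mimicking svchost.exe) and both 10.10.10.x servers. The O17 entries are only reported, not condemned: 10.10.10.3 and 10.10.10.5 are private addresses, so on a corporate or home LAN they could be a legitimate router or domain controller; pass the resolvers you know to be yours in known_resolvers and only the unexplained ones remain.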
 
Thanks for the information. I will wait for a trained volunteer's input, but would I just be better off cleaning out my entire system and reinstalling everything? If I knew which areas to not transfer over to my external hard drive, I could backup everything else and start from scratch. I have to admit a severe lack of technical knowledge in this area, so please let me know if there are other better options.

Thanks so much and I anxiously await further input.
 
Waiting for trained malware removal volunteer

When in doubt, back it up. Malware is easier to remove from a non-system disk.
Here is a recent thread

AVG may have forums dealing with this trojan. AVG did not clean system32/svchost.exe? Or it was never infected?
It could be that they replaced it with a clean version or the informational web site did not have all the details correct.

I envision running sfc /scannow. Worst-case outcome - reload XP. I am weak with precise terms, but I am referring to a 'replacement' - applications are not touched. If you have a slipstream copy of the installation CD, it takes less work.
Some reading about SFC and file protection

I try to avoid making extra posts in a thread. The volunteers get a false signal that progress is being made.

Unless you know that the O17 entry is useful, have HJT fix it.
 