Hi, I'm new here. This looks like a pretty busy place, you guys seem to help a lot of people, and since I didn't get a reply in the other forum I found a few days ago I thought I'd try this place. Thanks in advance to anyone who takes the time to read.
The following is a detailed description of the issues I've encountered the past week. I apologize that it's so long, I just don't want to leave out any important details. I have also included the logs from the 8-step process. It actually looks like I've cleaned everything out, but I'd like an expert's opinion to make sure.
About a week ago, I managed to infect my system. I believe it happened when I accidentally clicked a third-party ad on a website, and silly me had my Avast turned off at the time. D: My desktop picture suddenly changed itself to a .gif file that said "Your system has been comprimised! Run a virus check now! Vulnerable to third-party.... etc etc" and there was a red X icon on my system tray that I had never seen before.
I ran Avast and it found some corrupted files which I removed, but I still could not change my desktop picture back to normal. When I tried (by right-clicking into the display properties as I normally would) it would not allow me to browse for a new picture. I could not alter the desktop in any way, so I knew something was still wrong.
Also, when I did a Google search, and clicked on a search result link, it took me to unwanted websites. For example, even though the file path of the link pointed to techspot, when I clicked it, it took me to some random site.
I found the link problem to be changes in my registry and also the internet settings of my browser. Firefox was set up to access the internet through a proxy server called 7171. I disabled the proxy and deleted the 2 registry files that pointed to the proxy:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyServer = http=localhost:7171
and
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local;<local>
That fixed the Google problem. I also found registry files that said "disabletaskmanager" "noactivedesktopchanges" and "noactivedesktop" so I deleted those. I also found a file called m3SrchMn.exe. Then I ran Malwarebytes, and it found a few things that I removed.
Malwarebytes seemed to have fixed everything, though. I restarted and all was well. This was 1 week ago.
Today, I turned my computer on, and found that I was stuck in the Log-on, Log-off loop. I managed to fix that by booting from my Windows XP CD and using the recovery mode.
I then downloaded Adaware, and it turned up malware files called Win32.TrojanD\.\ader.NewMedia along with a few other things. But after that, I was suddenly unable to connect to the internet. I tried using a restore point but that didn't work. So I ran a check with Internet Explorer and it told me the problem was (LSP): Web Guardian. I got onto my husband's computer and learned that malware uses LSPs to mess with the firewall (or something). So anyway, I deleted it as IE suggested, then rebooted and now I'm online again.
I have since removed Avast and installed Avira. Before starting the 8 steps recommended by this board, I ran a full Avira scan, and it found quite a few things, so I enclosed the Avira log along with my Malwarebytes, SuperAntiSpyware and HJT logs. I ran the CCleaner twice as suggested, and it removed quite a bit. Malwarebytes found absolutely nothing, but SuperAntiSpyware found a lot.
My system's clean, everything is working normally. I believe I'm ok, but I would appreciate anyone who can verify that for me. This has been quite the nightmare, I've never infected myself like this before. D:
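An added example, not part of the original post: a small checker that reads a registry export and flags the two kinds of change described above, a `ProxyServer` value pointing at the local machine and the policy values that lock Task Manager and the desktop. The sample export is constructed; the policy names used are the real Windows value names (`DisableTaskMgr`, `NoActiveDesktopChanges`, `NoActiveDesktop`) and their key locations are assumed to be the standard `Policies\System` and `Policies\Explorer` keys, which the post does not give.

```python
import re

# Policy values that lock a user out of Task Manager and desktop settings.
# Real Windows value names; the post spells them loosely.
LOCKOUT_VALUES = {"disabletaskmgr", "noactivedesktopchanges", "noactivedesktop"}
LOOPBACK = re.compile(r"^(localhost|127(\.\d{1,3}){3})$", re.I)

# Constructed sample in `reg export` format, modelled on the values in the post.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=localhost:7171"
"ProxyOverride"="*.local;<local>"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=dword:00000001
"NoActiveDesktop"=dword:00000001
'''

def parse_reg(text):
    """Parse .reg export text into a list of (key, value_name, raw_data)."""
    rows, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            rows.append((key, m.group(1), m.group(2)))
    return rows

def loopback_proxy(data):
    """True if any entry of a ProxyServer string ('http=host:port;...') is loopback."""
    for entry in data.strip('"').split(";"):
        host = re.sub(r"^\w+://", "", entry.split("=", 1)[-1]).partition(":")[0]
        if LOOPBACK.match(host):
            return True
    return False

def find_indicators(text):
    """Return (key, value_name, reason) for each suspicious value."""
    hits = []
    for key, name, data in parse_reg(text):
        if name.lower() == "proxyserver" and loopback_proxy(data):
            hits.append((key, name, "proxy points at loopback"))
        elif name.lower() in LOCKOUT_VALUES and re.fullmatch(r"dword:0*[1-9a-f][0-9a-f]*", data, re.I):
            hits.append((key, name, "lockout policy enabled"))
    return hits
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text to `find_indicators`.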