1st Submission - hijackthis, et al

What a wonderful service you all provide to us poor users! I came here first because I was experiencing the exasperating WinFixer popups. After carefully following Chaslang's excellent, well-written instructions I think I may have eliminated that obnoxius Virtumonde/Vundo . I was also experiencing a non-responsive Win Explorer. I think I have fixed those two problems - please confirm from my attached files if you can.
But trouble continues in the form of a Powerpoint error at bootup. I'm notified that Powerpoint has encountered a problem and needs to close. I have prepared screencaps, but can't post them due to the 4 attachments limitation. Since it may be an application or process that causes that I am prepared to attach screencaps of Windows Task Manager "processes running."

Here's what I have done (not necessarily in this order):
Removed "MyWay Search Assistant" with Control Panel/Add/Remove Programs.
Hidden, system files viewing enabled.
Ad-Aware SE Personal (Build 1.06r1) run - used routinely
Spybot (v 1.4) run - used routinely
FixVundo.exe run
Kill2Me.exe run

Thank you!

 

I see no signs of a Vundo infection. Please attach a fresh HJT log from normal mode as this current appears from Safe Mode.

 

There's a fresh HJT log attached. I'll post a second message as soon as I have it composed: my credit card company called about Rumania.... Strangest thing

Thanks a million!

 

As I was saying, my credit card company called about Rumania....

It seems that my credit card was hit for three tries last week. $18, $33, $99. They all were refused by my credit bank. (Good folks, them.) My card is cancelled and will be issued again with a new number. My people mentioned Yahoo Wallet, but it doesn't ring a bell with me. Nothing found in an explorer search.
I have trouble believing in coincidence. I prolly screwed up surfing or buying before Christmas or something. Do you see anything?

 

Very strange and yet very suspicious. I would like to scan for rootkits to be sure this isnt a possible cause.

Please download Blacklight to its own folder...

F-Secure Blacklight

After download is complete, double click to run the program. Click "Accept" to procede. Then click SCAN to begin scanning your system.

Once the scan is complete it will attempt to clean the found infections. There should be a log in the folder that you ran the program from, attach this log to your next post along with the log from below.

Please follow the below steps...

1. Please download and unzip Rootkit Revealer to your desktop.
   
   
2. Please leave the defaults set as they are to:
   • Hide NTFS Metadata Files: this option is on by default
   • Scan Registry: this option is on by default.
   
   
3. Launch rootkit revealer on the system and press the Scan button.
   
   
4. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time please disconnect from the internet and leave the PC to be scanned until it is finished.
   
   
5. The log can be very large please edit out the items in the following folders in the log : C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
   
   
6. Please attach the the log here in this thread to your next post.

 

This log isn't very large afterall. See attached.

Thanks for your help.

 

Looks ok, what about the Blacklight log?

 

I completely overlooked it in your message. Here's the log....

 

Blacklight log looks good...

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

Done. HJT log attached.

At the first reboot following flush and re-enable of the Restore points, everything was normal. On the next and subsequent reboot, I again get the Powerpoint error. For what its worth, I've attached screencaps of the error.

I'll reboot again once I send this. I'll send another message if I do NOT experience the error.

Thanks for your trouble!

 

Your log looks good, if you continue to have the PP problem I would recommend posting that in the Software Forum.

Are you having any further malware problems?

 

bjgarrick, you MF Freak, I can't thank you enough for your help.

demented, I finished what you suggested. PP again caused an error at startup. The exact screencaps (PwrPt error *.jpg) are attached, above. The log is attached.