Request for Help with Malware Removal

Hi there. I have run through all the steps in READ AND RUN ME FIRST and attach the first three resulting reports in this post and the remaining reports in the next post.

Issues:
1. Internet Explorer will close itself automatically when I go to certain websites. Ex: www.analyzemath.com/expfunction/expfunction.html

2. During the BitDefender scan I received the following McAfee alert:

File: tmp002403fa
Virus Name: New Poly Win32
File Path: C:\Documents and Settings\Rif Haffar\Local Setttings\Temp\tmp00001bbd
McAfee was unable to clean, quarantine or delete the file and, each time after I asked it to do so, it would come back with a different file, for example: tmp00557092 and tmp0055b401

3. BitDefender reported four issues. Two of these were Disabled Microsoft Virus Scan and Disabled Microsoft Firewall. I unchecked these so they would not be fixed because I am running McAfee Virus Scan and Firewall and did not want to create a conflict.

4. Despite your excellent instructions, I saved the BitDefender report in the default html version generated by the program. I did not save as txt as you instruct, merely because at that stage of the process I had become numb and stupid. Then, when I tried to upload it, I received an error message that the log file was invalid. So I changed the extension to txt and re-uploaded it successfully. If this is a problem I will repeat the scan and generate a txt file.

Thanks for your attention and, regardless of my own minor issues, congratulations on a superb website.

 

Re: Request for Help with Malware Removal (Add'l Reports)

Panda Active Scan and ShowNew reports attached.

One more point: I had to run BitDefender in Normal Mode since it would not proceed while in Safe Mode without downloading updates and I did not know enough to get around that.

Best regards,

Rif

 

The installed version of Java on this compter is out-dated.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Then install this version: Sun Java Runtime Environment

Your hijack log is clean.
Bitdefender dleted the files it found anyway.
Activescan only found a few cookie which arn't really of any consequence.

The files bitdefender found were part of a program called intellimover. Do you know what it is ?

I see from your logs that you have a lot of software installed, and are running a lot of programs at startup which are not necesary. I am inclined to think that your internet explorer issue isn't malware related but possibly from a lack of resources.

McAfees site says that what it is detecting is a heuristic result, This means it is detecting it as a virus because it is merely behaving like one.

http://vil.nai.com/vil/content/v_99969.htm


Reboot into safe mode and delete the contents of C:\Documents and Settings\Rif Haffar\Local Setttings\Temp\

I suggest you uninstall any programs you don't need, run ccleaner to clean out all your temp folders, temporary internet files etc, defrag your hard drive and remove any unneeded startup entries.

You can start by fixing these lines with HiJackThis, this will stop the programs running at startup


O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

Thanks Matt. Everything came off without a hitch.

Regards,

Rif