Computer with tons of Malware/Virus

Have run my own type spyware/virus programs and followed your "Read me first" listing and did all of those things listed there. The scans keep coming up with more stuff each time. It's like it wont' go away.

Specs on computer:

Dell Dimension 1100
Celeron CPU 2.53ghz
256 mb ram
Hard drive at 108GB now
Windows XP Home Edition vs 2002
Service Pack 2

Internet Explorer 6.0.2900 sp2

Ran:
Ad-Aware 2007
Spybot
AVG 7.5 Virus Protection
Trend-Micro online Housecall
CounterSpy
BitDefender
CCleaner
VundoFix.exe
PandaActiveScan.
GetRunKey
ShowNew

I got to step 7 where it says post a message, so here I am. This is the first time for a posting and I will do my best to supply you with all the information that you need to help me fix this problem. I've been working on it for 2 weeks now and have become very frustrated with it.

Will post 2nd one with the other files attached.

Thanks in advance for your help!!!!

 

Part 2 of the logs requested.....

 

Hi GoLeftFast!
Welcome to Major Geeks!

I'm looking at your logs. This takes a good while, so please be patient! The log for Counterspy is missing. Should be called counterspy.txt. Please take a look for that.
abri

 

I could not find the file you are asking for. I guess I forgot to create one. I did a search of my computer using *.txt and it was not there. I opened up CounterSpy, went to that first day's scan history, and clicked on view full details of scan. That brought up a new window with the scan information in it. I copied, pasted and attached it here.

I hope this will work for you. I ran CounterSpy 2 more times after that and both came up clean.

 

Hi GoLeftFast!!

Thank you GoLeft! That was just what I needed for Counterspy!

Please carry out the following instructions:

1) Please look in Add/Remove Programs for the following and uninstall them if found. If you get any errors just make a note and proceed.

- Java 2 Runtime Environment, SE v1.4.2_03
- Search Assistent
- Sunbelt Counterspy <=== we don't need this anymore
- Viewpoint Media Player

2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run
Disable/Remove Windows Messenger

3) Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

4) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

6) After you have completed All of the above, please attach the Avenger log, and after running new scans for ShowNew (newfiles.txt), GetRunKeys (runkeys.txt) and analyse.exe (hijackthis.log) please attach fresh logs for them as well. Also, please let us know how it went and how your computer is running now.

• Avenger Log
• ShowNew Log
• GetRunKey Log
• HijackThis Log

abri

 

Hi Abri!

I'm amazed at your work so far!

Ran Avenger and received the following errors:

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Press OK to log error and continue or cancel to abort. I clicked OK.

Then got:

Error code:0
Line:
I then clicked OK, only choice to make.

Then got:

HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper

I then clicked OK and got the log I've attached.

 

The other logs you requested......

 

Hi GoLeftFast!!

• Please run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Please run ATF Cleaner.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

If you are not having any other malware problems, it is time to do our final steps:

Before you continue, please check the Avenger log to see if the deletion of that one registry value was successful or not. If it was NOT, Stop Here and post the Avenger log with your next post.

• Avenger Log

If Avenger WAS successful in deleting that one registry value, please do the following:

abri

 

Avenger did not delete the line. Text attached.

Ran ATF Cleaner and deleted all files.

I looked into the registry and the entry "wallpaper" is still there.

 

Hi GoLeftFast!

Please copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

After you've completed that

Please run ATF Cleaner.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


And finally,if you are not having any other malware problems, please do any remaining clean-up steps in the box below:

Let me know how things are working!
abri

 

Hey Abri,

Computer is running great! All scans come up clean now. I can't thank you enough for helping me get it back into shape.

Thanks!