Major Crisis! Svchost.exe.mpmd/Winog Trojan/RuntimeError + more..

Discussion in 'Malware Help (A Specialist Will Reply)' started by AlwaysInfected, Jan 25, 2008.

  1. AlwaysInfected

    AlwaysInfected Private First Class

    Now please bear with me, n if u are scared by the size of this message, be assured it is pretty well written, easy to follow and as thoroughly descriptive as possible!
    If not now, please read when u have a minute! Thank you :eek:

    --------------------------------------------------------------------

    After 8 days of dealing with a computer that had no protection besides its firewall, stubbornly n ignorantly knowing but disregardingly downloading an "exe" file from a "Keygen" site :cry Ever since a reboot from that dreaded night my issues haven't ceased!
    I brought my laptop to a shop out here on the Islands (I'm in the Azores) on a Friday early afternoon. I figured a thorough virus scan would do the trick n was much needed (since, like I said, I was running with no AV or AS prior but was doing well as far as no problems nor lag till that exe DL/extraction).

    Anyhow I bring him the laptop at around 1:30pm Fri. I figure for a thorough AV/AS scan he should surely get it done today depending on how busy he is, n if not it should surely be all set by no later than Sat. night.

    So Tuesday 4:30pm rolls around! No phone calls. I go there to find him sitting at his desk on a laptop with mine still in its case on the front chair of his desk, untouched!!!!!!!!!
    I'm like, what's going on? He just looked at me like a kid with his hand caught in a cookie jar, except with no shame.

    I threatened his life (well, not really), I just openly described my anger n discontent.
    He then proceeds to plug in his USB drive, install AVG, Reg Mechanic & SpyBot Search & Destroy.
    He cleans out whatever those things detect in front of me (I wouldn't leave). After about 2 hours n some issues having been detected, he reboots. I tell him to try going online (which is where my major issue was); everything looked cool.
    So whateva, I paid him his E25 n leave.

    So I get home. On Windows startup I get this beige popup error for "awtttx.exe" or something of the sort. I'm like, wtf?!?!

    Not only this, I have the strangest error/problem where when I drag any file in or out of a folder, Windows Installer pops up the installer box for "Easy CD & DVD Creator 6" :confused
    Doesn't matter what I drag, txt file, mp3, app, whateva; right before it drops into whateva I drag it into to perform the action, the Windows Installer comes up for the Easy CD installation.
    I did remote access with 2 tech friends just to show them n they both were baffled n laughed.

    So we proceeded to uninstall Roxio Easy CD from "Add/Remove" (I don't need it anyhow). Everything was successfully removed but the folders. I then manually removed those, but there was one file not wanting to be removed cuz of copyright BS, so I deleted it in Safe Mode. It was "Shellex.exe" or something of the sort from the Roxio software.

    I thought I was golden; I reboot, drag something into something n bam, again!

    The last oddball error is I get a runtime error pop box on Windows shutdown right after "Saving Settings" at the blue Windows screen n right before it actually turns off. Says runtime error n the file directory, if I'm not mistaken, is win32 folder svchost.exe.

    I had neither of these 3 problems prior to going to the tech n him doing his scan or whatever, that I knew of.

    Now onto the real/original issue.

    My reason for going in was, after the night of the infamous exe file DL from that keygen site, after that shutdown, on my next reboot I tried to sign online n was successful for about 20 seconds n got the infamous (Generic Host Process Win32 Services) error. In the error log or signature it had svchost.exe.mdmp n another file. I don't recall the other now; it was a txt file tho n started with "at" if I recall correctly.

    I rebooted n rebooted prolly 50 times that day. I ran AVG n all the AV/AS apps the tech guy had installed on my system at least 6 times over n over. Not only did I find over 100 more malicious issues, trojans etc. after he had claimed he cleaned things out thoroughly, but the online connection issue hadn't been resolved at the shop, nor did my further scanning at home resolve it!

    Now here's the Zen riddle!

    All day, after 8 hours straight of scanning, registry cleaning n rebooting in attempts to get online n get this potential virus cleaned if it is one, I still couldn't get online for the love of God.

    So I pass out, go to sleep, wake up about 3:30 am, open Windows, sign on, open Mozilla & IE n I get online with no problems!! Everything seems to be running good; I stay online for most of the day till svchost's running processes run the CPU usage through the roof n my laptop shuts down!

    When I restart, Generic Host Process is back at it for the rest of the day! Now I'm really confused! Again I spend hours scanning, signing on after lots of reboots n using the few minutes I have between the Generic Host error popup n the system countdown shutdown to research with Google about the issues in hopes of finding a resolution.

    Later that night, I pass out, wake up about 5am, open Windows, whaddya know? I'm online again! This time I manage my processes n keep the laptop cool enough to stay online for over 10 hours, in fear if I rebooted I'd lose my online activity again. This is when I remote accessed n had a friend of mine take a look at things. He said he was stumped.

    I did have an issue where I could not update Windows; he said this was most likely the issue. We disconnected, I further researched with the error # provided on the non-updating Windows error n read I needed to uninstall Windows Installer n reinstall it from MS. I did this n I could finally update. Still nothing! Generic Host etc...

    So here I am on my 3rd day online from my first boot of the day.

    Here's what I've scanned with in the past 4 days.
    AVG 7.5
    Ad-Aware SE Pro
    Trojan Hunter
    Registry Mechanic
    NOD32 AV/AS

    I also have the "Wigon trojan" that NOD32 pops when I log on with my DSL connection every time after restart! I was thinking maybe it was catching the "Generic Host Process"?
    Prolly not.

    My comp is pretty normal as far as speed, no lag or popup issues, just the Easy CD installer thing when I drag a file into anything, the runtime error/svchost.exe popup right before shutoff n the Generic Host Process Win32 Services/svchost.exe.mdmp when I log on most of the time.

    I am posting this in hopes that these issues are potentially resolvable without needing a reformat.

    Another solution I came across on the web was Run > sfc /scannow n do that with my OS disc n let it copy any files, but I didn't wanna do that without being sure it was effective and unharmful to my system.

    Thanks for sticking it out n God bless,
     
  2. AlwaysInfected

    AlwaysInfected Private First Class

    Here's a new one... 43 Iexplorer.exe running in processes?!!?!?!

    Today, or just now, I noticed my task manager has 86 processes running under 20% CPU usage n about 40+ Iexplorer.exe's :cry with no Explorer browser open!!!
    http://img3.freeimagehosting.net/uploads/de373c6718.jpg
     
  3. AlwaysInfected

    AlwaysInfected Private First Class

    Re: Here's a new one... 43 Iexplorer.exe running in processes?!!?!?!

    Holy ****, I'm now at 96 processes n over 60 Iexplorer.exe's. Please help soon!!! :cry

    I'm sure this is all related to my first post. I can't understand tho, I ran lots of AS/AV's n cleaned a lot as well. I even ran Ad-Aware in safe mode. :(
     
    Last edited by a moderator: Jan 25, 2008
  4. Lev

    Lev MajorGeek

    Re: Here's a new one... 43 Iexplorer.exe running in processes?!!?!?!

    Welcome to MajorGeeks.com!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    Read & RUN ME FIRST Before Asking for Support
     
  5. AlwaysInfected

    AlwaysInfected Private First Class

    Re: Here's a new one... 43 Iexplorer.exe running in processes?!!?!?!

    Uh.. huh? My Windows is XP; I assume I go there n download all the "tools"?
    I just read through it all n I don't quite understand how to work "MGtools" n the toggle system restore.

    Also I'm afraid to run ComboFix n lose my connection. The reason is in my "Major Crisis" thread.

    (I just heard the blip sound of the Iexplorer.exe popping a new Iex task in my task manager) :cry
     
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    The steps are very clear, just follow one at a time and read all the install and running instructions (tip is to print them out and tick off each one when you have completed) for each scan.

    As for System Restore, the guide tells you to only toggle this once your PC is free from malware, so do not do this yet (also there are clear instructions in the guide on how to do this in XP).

    If not following the guide in fear of losing connection, then you're sadly likely to be still infected and it will be hard to help you without the logs being attached from the guide's steps as listed by Lev above.

    Merged your two threads together as you will not get help quicker by posting multiple threads, and the reason is here: Don't Bump! It Only Hurts You!!!
     
  7. AlwaysInfected

    AlwaysInfected Private First Class

    Well I just spent the last 4 hours scanning in Windows safe mode with Ad-Aware n Spybot. Spybot found a few things, mostly cookies; Ad-Aware found 98 issues including a rootkit n some malware viruses.

    I'm not sure how to get proper "logs" and for what. I don't even think I know what a log is n what it's for.

    NOD32 catches a Win32 Wigon trojan every time I sign on, n it just caught an NBT thing as well.

    I wasn't trying to bump anything; I figured the Iexplorer was a separate issue, so I actually figured by making its own thread I wouldn't look like I was bumping this one.

    I am just hesitant on the procedures in the thread and don't wanna mess anything up.
    Especially the MGtools. I use Firefox. Whenever I DL something the only options I get are Save or Cancel, so it auto saves to desktop. How can I change it to go where the read me says, n where is my "root folder" or the appropriate folder it needs to go in located?
     
  8. AlwaysInfected

    AlwaysInfected Private First Class

    :cool
    After using ComboFix, n rebooting after finding some things to delete, when I came back on, Firefox opened up crazy faster than usual n NOD32 did not detect the Wigon trojan like usual!!!!!!!!!!! :drool:drool

    Here's the log for ComboFix. I dunno how to get a log for Spybot; I just did about 30 minutes ago in safe mode n I will try n get my last log from AVG.

    EDIT:

    Well I didn't seem to be able to find my results from AVG the other night. I went n uninstalled NOD32 tho, reinstalled AVG n exported my Virus Vault. ;)

    I assume I should mess with MGtools until u guys verify I'm malware/virus free; also let me know about how to save it n exactly where when ready, as stated above.

    Thus far ComboFix seems like the miracle cure!!! No more Generic Host Process on sign on, and my Windows loads fast, as do my programs; they open ever so quickly!

    EDIT # 2

    I assume and am now confident my last problem is an error I figured I would print screen during the process.
    I used the example of dragging the AVG log file attached here into my "Security Appz" folder. Notice how dragging files into folders initiates the installer to attempt to install Easy CD, which by the way is wholly deleted to the best of my knowledge.

    http://img3.freeimagehosting.net/uploads/81117079a3.jpg
    :confused:confused
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the MGlogs.zip file that was requested per the instructions in the READ & RUN ME. You are still infected.
     
  10. AlwaysInfected

    AlwaysInfected Private First Class

    Sorry bout that!

    My other logs are in my last post under the screen shot.
     

    Attached Files:

  11. AlwaysInfected

    AlwaysInfected Private First Class

  12. AlwaysInfected

    AlwaysInfected Private First Class

    Sorry for the bump, but 4th page? :cry

    In case the tech guy shows up at the house today, I wanna have this issue resolved so I don't have to give the laptop to him n have to pay for something that seems to be already fixed for the most part. Thanks to MajorGeeks I got my logs up.

    Thanks.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All this did was cost you another day of waiting. See the sticky thread: Don't Bump! It Only Hurts You!!!

    It does not matter what page you are on. We work from oldest to newest and we could have been working on page 5 or 6 (or could have even been close to your post on page 4). It only takes about 1 day for a new post to go all the way down to page 5 or 6.

    Shut down Ad-Aware's Ad-Watch before doing the below or it could get in the way.


    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME


    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {B8E4F58A-EB75-4DBA-9B1E-DE0478ABFA38} - blank (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
    O20 - Winlogon Notify: winlzi32 - winlzi32.dll (file missing)
    O20 - Winlogon Notify: wvusqpn - wvusqpn.dll (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    After clicking Fix, exit HJT.


    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    RenV::                                                                           
    ----a-w            39,792 2008-01-22 17:55:24  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w           335,872 2008-01-18 01:21:12  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    ----a-w           185,632 2008-01-22 17:55:23  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w            65,536 2008-01-22 17:55:17  C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
    ----a-w           700,416 2008-01-22 17:55:39  C:\Program Files\Creative\Sync Manager Unicode\CTSyncU .exe
    ----a-w            49,152 2008-01-22 17:55:19  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w           241,664 2008-01-22 17:55:20  C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
    ----a-w           184,412 2008-01-22 17:55:20  C:\Program Files\HPQ\Default Settings\cpqset .exe
    ----a-w            45,056 2008-01-22 17:55:19  C:\Program Files\HPQ\Notebook Utilities\hptasks .exe
    ----a-w           282,624 2008-01-22 17:55:20  C:\Program Files\HPQ\Notebook Utilities\TvNow .exe
    ----a-w           102,400 2008-01-22 17:55:20  C:\Program Files\HPQ\One-Touch\OneTouch .EXE
    ----a-w           132,496 2008-01-22 17:55:24  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w           188,416 2008-01-17 21:46:43  C:\Program Files\Logitech\Video\ISStart .exe
    ----a-w            65,536 2008-01-17 20:49:03  C:\Program Files\Logitech\Video\LogiTray .exe
    ----a-w         1,460,560 2008-01-17 16:46:36  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    ----a-w           610,304 2008-01-22 17:55:19  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w           110,592 2008-01-22 17:55:16  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w           866,816 2008-01-22 17:55:30  C:\Program Files\Thomson\SpeedTouch USB\Dragdiag .exe
    ----a-w            36,352 2008-01-22 17:55:23  C:\Program Files\Winamp\winampa .exe
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
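    The RenV:: block in the fix above lists startup executables whose names acquired a space before the extension (realsched .exe, winampa .exe), which is what that directive tells ComboFix to put right. As an added example, not chaslang's script or ComboFix's own code, the Python below parses a listing in that layout (a constructed sample, not the poster's machine) and computes the normal file name for each affected entry; it reports a clash instead of overwriting when the clean name is already present, with the set of present paths being an assumed input.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed sample in the layout of the RenV:: block above (attribute flags,
# size, timestamp, path). Three names carry the stray space before ".exe";
# the fourth is a normal name used as a control.
SAMPLE_RENV = r"""RenV::
----a-w           185,632 2008-01-22 17:55:23  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           102,400 2008-01-22 17:55:20  C:\Program Files\HPQ\One-Touch\OneTouch .EXE
----a-w            36,352 2008-01-22 17:55:23  C:\Program Files\Winamp\winampa .exe
----a-w            12,288 2008-01-22 17:55:00  C:\Program Files\Example\clean.exe
"""

# One listing line: flags, comma-grouped size, timestamp, then the path.
ENTRY_RE = re.compile(
    r"^(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>\S.*?)\s*$"
)
# A file name whose extension is separated from the stem by whitespace.
SPACED_EXT_RE = re.compile(r"^(?P<stem>.*\S)\s+\.(?P<ext>exe|dll|scr|com)$", re.IGNORECASE)


@dataclass
class RenVEntry:
    attrs: str
    size: int
    timestamp: str
    path: str


def parse_renv(text: str) -> List[RenVEntry]:
    """Parse the entries under a RenV:: header; other sections are ignored."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("::"):          # section header such as RenV::
            in_section = line == "RenV::"
            continue
        if not in_section or not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable RenV line: {line!r}")
        entries.append(RenVEntry(m["attrs"], int(m["size"].replace(",", "")),
                                 m["ts"], m["path"]))
    return entries


def repaired_path(path: str) -> Optional[str]:
    """Return the path with the stray space removed, or None if the name is normal."""
    directory, sep, name = path.rpartition("\\")
    m = SPACED_EXT_RE.match(name)
    if m is None:
        return None
    return f"{directory}{sep}{m['stem']}.{m['ext']}"


def plan_renames(text: str, existing: FrozenSet[str] = frozenset()) -> List[Tuple[str, str, str]]:
    """(current, repaired, action) per affected entry. 'existing' is an assumed
    set of paths already on disk; a clash is reported rather than overwritten."""
    present = {p.lower() for p in existing}   # Windows paths compare case-insensitively
    plan = []
    for entry in parse_renv(text):
        fixed = repaired_path(entry.path)
        if fixed is None:
            continue
        action = "conflict" if fixed.lower() in present else "rename"
        plan.append((entry.path, fixed, action))
    return plan


if __name__ == "__main__":
    for current, fixed, action in plan_renames(SAMPLE_RENV):
        print(f"{action:8} {current} -> {fixed}")
```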
     
  14. AlwaysInfected

    AlwaysInfected Private First Class

    Wow man, I'm sorry. I did not mean to be a burden. I go on many forums n just did not understand how things work here as far as responding.

    Thank you guys so much for taking the time out of your lives to help people out on your time. It's a true blessing.

    This stuff here..

    and also the stuff in the "Code" RenV section, is that all things u acquired from your analysis of the logs?

    If so that's cool man, that's some skill n talent. I am getting to it now n will be back with the logs.

    N um... :eek: Since then I've installed 2 new things on my comp, 2 apps from www.Bootskin.com :( Hopefully you don't see anything outa the ordinary in my next log.

    Also how often should I run Reg Mechanic, and do you think this last process will fix that error on the screen shot from my drag file to folder issue?

    Peace n blessings kind sir.
     
  15. AlwaysInfected

    AlwaysInfected Private First Class

    Well sir, I dunno how u do it. I noticed up top on MGtools initiation that u designed it. Pure genius, u n your tools.

    Everything seems a lot more ridiculously responsive, especially my start menu actions n arrow actions. :yum

    My last n only odd problem I have, it seems, is that damned error when I drag files in or out of folders.
    Look at the screen shot in reference when u have a minute sir. (Hopefully this issue can be deciphered and doesn't require a reformat.)

    Oh yea, CCleaner is amazing, just wow. I immediately deleted Reg Mechanic.
    I'd like to know a few other things as well. I have Ad-Aware SE Pro, AVG, CCleaner (now) and Spybot S&D installed. In a separate folder I have all the setups for those programs plus Trojan Hunter and NOD32.

    You think I should keep AVG or replace it with NOD32 as an installed AV app?
    Should I keep Ad-Aware n Spybot, or just one, or do they serve diff purposes?

    Also are there any issues that may affect the actual program by deleting the setup exe's? Such as Java setup on my desktop? If I delete it, it won't affect the app, correct?

    What preventative maintenance tasks do you recommend I take to keep my system running clean n out of harm's way?
    What exactly was ViewPoint Media?

    Here are my logs sir.
    Thank you & God bless,
    PS. You guys have a donations section? I'd like to donate in the future when I'm able, if possible.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not uninstall one of the old Sun Java versions as requested and then install the new version. You still have Java(TM) 6 Update 3 which is old. You need to get updates.

    Reg Mechanic is not a tool used in the Malware Forum and I don't suggest using registry tools on any regular basis other than using a tool to do a registry backup. You can discuss tools like this in the Software Forum.

    No we do not have a formal donation process. You can go to the majorgeeks.com main page and purchase Geek Wear if you want to help support the site.


    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
  17. AlwaysInfected

    AlwaysInfected Private First Class

    Sir, I went to my add/uninstall thingy in Control Panel n uninstalled all the Java updates n the main app.

    When I ran all the stuff, MGtools n Combo, I came back online n Googled Java Sun n went to the main site n DL'd what I thought was the newest version. My bad man, what version do I need?

    Also what do you have to say about my drag n drop error? Whenever I drag n drop in or out of folders I get the install box for Roxio CD n DVD Creator n have to click cancel twice before it goes away. It's super annoying.

    I will get to the final processes.

    Thanks again Chaslang, u will not be forgotten!
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not ask you to Google it. I gave you the link in my fix. You need to follow the instructions (in msg # 13) as they are written.


    Post in the Software Forum. Sounds like you have an issue with their direct disk writing software.
     
  19. AlwaysInfected

    AlwaysInfected Private First Class

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are referring to the READ ME, it is always best to refer to the current online version. If you work from an old version, you may not be doing what we currently want. As malware changes, so do the procedures. ;) Your browser can always be shutdown at the appropriate points.
     
  21. AlwaysInfected

    AlwaysInfected Private First Class

    lol I meant msg13 :p

    Thanks again sir.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
