New machine caught a bug-need help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sgt Jeep, Apr 25, 2009.

  1. Sgt Jeep

    Sgt Jeep Private E-2

    Hi,
    I’ve performed all steps in the R&R as requested.

    I received my new Vista 64bit laptop and prior to making any backups I transferred folders from my external to the new machine, and infected it with something.

    Some things I noticed were the wi-fi turned on and off w/o me prompting it; the sound would adjust automatically; Skype would not be installed even though I downloaded it and used it the day before. Yahoo would disconnect and reconnect w/o me telling it to. Thinking I had a clue of how to deal with malware, I d/l HJT and went through some scans removing this and that. I deleted some things, and used SystemLookup-Startup page to see what exe’s were running. I also deleted (let HJT remove) an exe called skypepm.exe. SystemLookup-Startup did not know what it was.

    I tried Zone Alarm and would get repeated requests to allow this or that to connect to the internet. I performed a system restore and have no clue where I am at now.

    I also used Hostexpert and think I changed the hosts as HJT showed:
    O1 - Hosts: 102.54.94.97 rhino.acme.com # source server
    O1 - Hosts: ::1 localhost

    I’ve tried to update Windows via MS Update and have received some failures on the installs. All security related d/l. I am not against performing a total reformat if that means I get a new machine back. I do however need to see what infected me and clean the HD as there is a lot of stuff I’d like to keep.

    Any and all help is appreciated.
    Thx in advance!

    Also, avast online virus cleaner tool is running now and it is showing a lot of files could not be scanned:

    avast! Virus Cleaner Tool - version 1.0.211 Unicode

    Creating log file: C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTEF9HDK\aswclnr[1].log

    4/25/2009, 8:11:58 AM
    Memory scanning started...
    No virus body found in memory.
    Memory scanning finished (6.6s).
    ----------
    Files scanning started...
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm sorry but your problems are not due to malware. I have no idea what you were doing with HijackThis on your own but perhaps you should just undo whatever you did and see what happens. skypepm.exe is just part of Skype that you said you had installed.
     
  3. Sgt Jeep

    Sgt Jeep Private E-2

    Seriously, that's all you got to say? You should have saved your key strokes. If I knew what I did, I would have corrected it myself. I was posting to try and get some help to figure it out.

    I reformatted and am gtg.

    Please respond offline for further correspondence.

    thx
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you were smart enough to run HijackThis on your own to begin with then why aren't you smart enough to go to its Backups feature and just undo them? That is why the feature is there.

    We can't help you figure out something you did on your own before you came here. The logs from the scans are clean so all we can tell you is that there is no malware at the heart of your problem.

    Undo what you did with HijackThis and also try using System Restore to go back to a point before your problems began. I know you said you did a System Restore already, but maybe you need to go further back.
     
