Am I virus free?

No idea how, but last weekend got infected with Bancban-CT (yes, I have changed all of my banking info and shut down online banking for now), Xorpix-A, Stration-C and a host of other ills. Spent my $100+ with Geek Squad, might as well have just burned the money. I finally found you guys. THANK YOU for all of the info you have posted on here!

I wasn't able to boot into normal mode for a long time, Internet kept getting hijacked and was excruciatingly slow, etc. Found out that my trojans/worms/viruses had put in exceptions for themselves in my firewall. My ISP has shut off my email until I am virus free, so I need to be sure I am.

Weird stuff. I can have SpySweeper guard my machine, but if I try to run the scan, it gets almost done and then reboots. I've tried a host of other virus scans (AVG, Avast, etc.), and most of them either reboot near completion or just disappear at some point with no logs or messages. Spy Bot runs perfectly fine and just gave the following results:

DoubleClick
Advertising.com
MediaPlex
Microsoft.Windows.ActiveDesktop
Microsoft.Windows.AppFirewallBypass
Stration.C
WildTangent

Stration.C says Autorun settings (MSConfig)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSConfig

Spybot is good at removing the stuff, but not keeping it off. It seems like everytime I reboot, this stuff comes back.

Can anyone help me?

 

Thank you very much for replying. I had had gone through the READ ME FIRST previously (as much as my PC would allow), but decided to run through it again based on your reply.

I got through all steps UNTIL I had to run Counterspy or AVG. When I try to run Counterspy (which the GeekSquad had run previously on my system), I get a message that says "The service controller returned No Service. You may be running a scheduled update."

I wen ahead and uninstalled CounterSpy and tried to run AVG. When trying to start it up, I get the message "Connection to service failed. Please reinstall AVG Anti-Spyware 7.5". So I reinstalled it and got the same message. I then tried to uninstall it via Add/Remove Programs, and it will not uninstall. I hit the remove button and nothing happens.

Any suggestions on what I should do now? I am attaching latest HJT log (I hope)!

 

I have run through the steps as outlined with the following exceptions:

1) I went into Safe Mode with Networking initially but physically unplugged my modem/router.

2) Could not run Counterspy or AVG and so ran SuperAntiSpyware instead.

3) BitDefender and Panda had to be run in Normal mode.

Attached are BD and Panda Logs. More to follow.

 

Looks like the files didn't attach. Let's try again!

 

NewFiles and RunKeys attached.

 

After finishing all of the steps that were outlined and attaching the requested files, I decided to run Spybot again for hoots and giggles.

Stration appears to have disappeared for now, but I still have the following that all appear to be little more than tracking cookies:

DoubleClick
Advertising.com
MediaPlex
Microsoft.Windows.ActiveDesktop

So how do I know if I'm virus free?

 

Tim,

Thanks for all of your help so far!

I started to run through the last set of steps that you outlined. I ran Avenger with the script you indicated. It did reboot, but upon reboot I get a c:/windows/system32.cmd.exe box that says:

The system cannot find the file specified.
Could not Find C:\avenger\*.reg
1 file(s) copied.
zip warning: C:/backup.zip not found or empty
adding: avenger/143727~1.dll (188 bytes security) (deflated 74%)
adding: avenger/144032~1.dll (188 bytes security) (deflated 74%)
adding: avenger/144032~2.dll (188 bytes security) (deflated 74%)
adding: avenger/ALCMTR.EXE (148 bytes security) (deflated 70%)
adding: avenger/avenger.txt (188 bytes security) (deflated 87%)
adding: avenger/backup.reg (188 bytes security) (stored 0%)
adding: avenger/cbbdcc~1.dll (188 bytes security) (stored 0%)
adding: avenger/msdnc3.exe (184 bytes security) (deflated 19%)

And then a box labeled "Windows - No Disk" pops up that says:

Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

The buttons available are Cancel, Try Again and Continue. No matter which button I click, I can't get it to get past it. What do I do now?

 

I just kept clicking "continue" and the boxes finally went away.

Here are the Avenger and HJT logs.

 

GetNew and ShowRun logs attached.

 

I ran Avenger with the new script that you provided. The command window got a lot further this time, but stopped after this line:

Adding: avenger/LMIA.TMP/unicows.dll (188 byes security)(deflated 55%)

And the error message in the Windows-No Disk box was:

Exception Processing Message c0000013 Parameters 75b6bf9c 4 75 b6bf9c 75b6bf9c

Avenger log file attached.

 

Tim,

I do appreciate all of your valuable time and assistance. Thank you so VERY, VERY much!

The only issue that remains is that SpySweeper still will not let me complete a scan. It gets all the way to the end of the file scanning and then reboots my system. This worries me because earlier in the process, the reboot thingee was happening with HJT, AVG and a few other scans as well.

How can I be certain that it's not some lingering virus doing that? And can I be sure that the doc files on my PC are not infected?

 

I did uninstall Counterspy and then uninstalled and re-installed Spysweeper -- twice. The same thing happens. It gets near the end of scanning and reboots my pc. At the beginning of this whole virus thing, the same was happening with several other scanning programs, including HJT, Counterspy and AVG.

The only other weird issues I have is that my IE has sporadic issues (no popups for hours and then 20 in just a few seconds) and sluggishness and my printer connection was lost during the process and no amount of downloading and reinstalling drivers helps (HP PSC 2170).

I did talk to Webroot Tech Support and they had no solution to the problem. And the Geek Squad uses some type of Webroot program as well that they were unable to run because the system would reboot when it neared the end of the scan.

Any suggestions?

Also, if you would be so kind as to point me towards any documentation on here as to the best programs and setup to use to protect my PC going forward would be much appreciated.