Boy, do I have some problems

OK, I did everything in the read and run me first, section. The CWshredder was clean, the Kill2mes was also clean. I then ran Ccleaner and spy sweeper (everything in safe mode, mind you). Ad-Aware removed 10 critical objects, and Spy-Bot removed several. I then did two of the virus scans that were recommended...the Bitdefender and the Panda, since the Trojan Scan and the Trend Micro didn't load for me. Here are the results of each scan, and then I'll post my problem.

BitDefender:
Time
01:56:18

Files
231979

Folders
2553

Boot Sectors
4

Archives
21159

Packed Files
16219




Results

Identified Viruses
6

Infected Files
9

Suspect Files
1

Warnings
0

Disinfected
0

Deleted Files
14




Engines Info

Virus Definitions
245051

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
38

Unpack plugins
4

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\mirc\backup\mirc.exe
Infected with: Backdoor.IRC.Zapchast

C:\mirc\backup\mirc.exe
Disinfection failed

C:\mirc\backup\mirc.exe
Deleted

C:\mirc\mrtrick.mrc
Suspected of: Backdoor.mIRC.Gen

C:\mirc\mrtrick.mrc
Disinfection failed

C:\mirc\mrtrick.mrc
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32C139A3.htm=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32C139A3.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32C139A3.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32FF575F.htm=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32FF575F.htm=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\32FF575F.htm=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66CD676C=>(Quarantine-2)=>1.exe
Infected with: Win32.Bagle.BJ@mm

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66CD676C=>(Quarantine-2)=>1.exe
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66CD676C=>(Quarantine-2)
Updated

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66CD676C
Update failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A68292A.exe=>(Quarantine-2)
Infected with: Joke.Schmilz

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A68292A.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1A68292A.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A7937C6.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A7937C6.anr=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A7937C6.anr=>(Quarantine-2)
Deleted

C:\Program Files\instant messenger\Sysfiles\WxBug.EXE=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Program Files\instant messenger\Sysfiles\WxBug.EXE=>wise0008
Disinfection failed

C:\Program Files\instant messenger\Sysfiles\WxBug.EXE=>wise0008
Deleted

C:\Program Files\instant messenger\Sysfiles\WxBug.EXE
Update failed

C:\Program Files\instant messenger\aim95.exe=>wise0037=>wise0008
Detected with: Adware.Wheaterbug.A

C:\Program Files\instant messenger\aim95.exe=>wise0037=>wise0008
Disinfection failed

C:\Program Files\instant messenger\aim95.exe=>wise0037=>wise0008
Deleted

C:\Program Files\instant messenger\aim95.exe=>wise0037
Update failed

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Detected with: Adware.Wheaterbug.A

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Disinfection failed

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Deleted

And here is the scan from Panda:
Incident Status Location

Spyware:spyware/aveo-attune Not disinfected C:\PROGRAM FILES\Aveo
Virus:Trj/Downloader.FNP Not disinfected C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
Virus:Eicar.Mod Not disinfected D:\Program Files\Common Files\Symantec Shared\VirusDefs\20030625.019\hh[pocketpcdefs1.zip]
Virus:Eicar.Mod Not disinfected D:\Program Files\Common Files\Symantec Shared\VirusDefs\20030625.019\hh[savce.def]
Virus:Eicar.Mod Not disinfected D:\Program Files\Common Files\Symantec Shared\VirusDefs\20030626.018\hh[pocketpcdefs1.zip]
Virus:Eicar.Mod Not disinfected D:\Program Files\Common Files\Symantec Shared\VirusDefs\20030626.018\hh[savce.def] Now, my first problem would be to ask how do I remove these viruses and trojans, or at least the ones that weren't removed?

My main problem has been going on for a while, and now I'm guessing the above scans are the reason why. I run Norton System Works, using NAV, and it never finds any of this stuff (virus defs up to date, scans done regularly). Anyway, I hope someone can help me with this. Every time I surf the net, when I close out my browser (IE 6), my computer freezes, except the mouse. I can't click on anything, or open anything, and when I bring the mouse down to the desktop toolbar, it turns into a two-sided arrow. This can last anywhere from 2 minutes, to a half hour. When I ctrl-alt-del, I mostly get Explorer (not responding), or sometimes CCapp (not responding), or Zlclient (not responding), but mostly just Explorer (not responding). Does anyone have any idea how I can remedy this? Are these viruses the reason for it, ot is it something else? I also have a HW problem with my USB hub root, but I'll save that for another thread, after this mess can 'hopefully' be cleaned up.

Dell Dimension XPS T600
Windows 98SE
IntelP3,CU,600/100,256K,SKT
512SDRAM
TBS Montego II soundcard
32MB DDR NVidia GForce2 GTS
WDC 20G HD/Maxtor 80GB Slave drive

 

Hi and welcome to MajorGeeks.

Please don't post logs or results unless specifically asked.

Anyway, try uninstalling and reinstalling Internet Explorer or repairing it as outlined HERE.

 

Hi, and thanks for the welcome. I'm sorry I posted all that, as I'm worried about the viruses the scans picked up, and wanted all to see so I could get some help in removing them.

Having said that, I already did the IE Explorer remove/repair, several times the past few days..to no avail.

 

Welcome to MajorGeeks.com, please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

Would you like me to run a Hijack This scan, and post the log? I have the latest version.

 

Yes, but only if you have run ALL the steps in READ & RUN ME FIRST Before Asking for Support then please post a HijackThis log, as an attachment per the directions in Downloading, Installing, and Running HijackThis

 

Yes, I have done everything in Read and Run me first. Here's the log.

 

Do you know what closeIeX is?

 

No, I don't. Is it something bad?

Edit - OK, I looked it up, and it says it's a program that closes out IE Explorer Windows with one click, but the thing is, 'Explorer not Responding' happens even if I have only one IE window open, then close it. Then again, could this still help stop that occurence?

 

Look in Add or Remove Programs for closeIeX, if it is there uninstall it.

 

My sister used to use this computer when she stayed here a few years back, so that's where it must have come from! Wow, I was shocked to see it in add/remove. In any event, it gives me a choice to simply remove....or 'remove all', meaning it contains shared components that may be in use by other applications. Should I simply 'remove' or 'remove all'?

 

Remove all, after you have completted the uninstall reboot, and post a fresh HijackThis.

 

OK, removed all..and rebooted. Here's the new log.

 

Scan with HijackThis and fix the following:

Reboot

Tell me how your computer is running.

 

OK...I did everything you said, and my computer does seem to be running a little faster, but the 'Explorer not Responding' is still happening when I close out IE6, although it lasts a lot less longer than it did previous to these fixes. Within 2 or 3 minutes, it starts responding again, instead of 15m to a half hour, but I guess you would agree, that's still not good enough, and there has to be way to eliminate this problem altogether. Should have I just 'removed' the CloseIE instead of Remove all? I do have GoBack Deluxe, so if you need me to boot back to before we did anything, I'd be happy to.

 

OK, let's take a deeper look at the system.

Run CCleaner before doing the below.

Download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

Just a quick question. The last time I ran Ccleaner, I wasn't sure what should be checked or unchecked in the left pane. I let it delete everything, and after that, my computer started to freeze up even more, but then it calmed down a few days later. My question is, what should and should not be checked? -- To make sure I don't delete anything pertinent to my computer.

 

Run Ccleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner. Do not run any other options from other tabs.

 

OK, I left it as is when I opened it..on the windows tab, leaving everything that was checked, checked, which I 'assume?' is the default setting? In any event, I ran both Ccleaner and WinPFind in safe mode (is that ok?), as I heard it works better due to hidden files that show up. In any event, I've attached the WinPFind scan.

 

Boot to Safe Mode, open Widows Explorer, navigate to and delete:

Open Notepad, copy & paste the text in the below quote box and save as FixReg.reg to your Desktop.

The last one is not a vaild Windows 98 Registry Key. The rest are not valid Winodws Registry Keys.

Next double-click the FixReg.reg file on your desktop, answer Yes when asked if you want to merge.

Reboot to Normal Mode.

How is your computer running?

 

OMG, I did everything you said, it went smoothly, and sure enough, I opened two IE windows, closed them, and 1 minute of Explorer not Responding! It's definitely an IE VS windows explorer issue (duh). On the bright side though, my computer is back to it's former speedy self. It's cruising along nicely, with no pauses when I surf. For the time being, I found if I leave one IE window open at all times, as I surf, it doesn't happen, but the whole point is being able to close out ALL of these IE windows, and be able to click on whatever I want on my desktop, to continue working or checking emails, without Windows Explorer freezing up for a while.

Anyway..thanks so much for your help so far. I feel awful that you've gone to all this trouble, and it hasn't been completely resolved yet.

 

I beleive we have gotten most if not all of the malware on your computer.

As a double check, please follow the directions for Running Spy Sweeper

Post the Spy Sweeper log when done with the above.

For the IE problem do the following:

 

Ooops, I just realized, I forget to do this ::: Boot to Safe Mode, open Widows Explorer, navigate to and delete:
Quote:
c:\FILE0103._DD
c:\windows\IAMNET~1.EXE

I focused on the Regedit and forgot! I'll do that now, then I'll run Ccleaner and Spysweep, and post the Spysweep txt, and a new HJT log.

 

Okie Dokie..I did everything you requested. Here are the logs.

 

Using Add or Remove Programs in the Control Panel uninstall the following if present:

If the above are not present, then using the search function in the Start Menu serach for and run tb1uninstaller.exe.
Next Open Windows Explorer and delete the following:

Open Notepad, Copy & Paste the contents of the below quote box to notepad; Save As TurtleFix.reg to the Desktop. Exit Notepad.

Now double-click the TurtleFix.reg on your desktop and answer Yes when asked if your want to merge with the registry.

If you don't play any games from miniclipgames, then uninstall any games you find that were downloaded from there; specifically Puzzle Pirates. Then have hijackThis fix the following:

Reboot to Safe Mode.

Do the following:

Start -> Run

type regsvr32.exe /u hwaudio.dll (Copy and paste the command)

OK

Start -> Run

type regsvr32.exe /u "C:\Windows\downloaded program files\hwutils.dll" (Copy and paste the command)

OK

Open Windows Explorer locate and Delete the following:

 

Turtle Beach is my sound card. Are you sure that's ok to remove?

 

Leave it installed, then.

 

But do everything beneath it?

 

Start with the miniclipgames.

 

OK, that's just what I did. Should I ppst anything after I finish?

 

Also, I couldn't find any trace of this folder anywhere on my computer! --> C:\Program Files\Common Files\midnight lake screensaver, including Windows Explorer et al.

 

Run Spy Sweeper again and post the log.

 

Before I run Spysweeper, I did everything you asked me to, except for the turtle beach stuff..and below is what happened.

1)

The above did not work. I've uploaded both screen images so you can see.

2)

 

Delete the entire entry of {28F00B0F-DC4E-11d3-ABEC-005004A44EEB} in the registry.

 

OK, I deleted that whole key, and took it a while for the Registry to find it. Here's the Spysweeper log from before I deleted the key. I think I forgot to erase the one from yesterday, so there may be two logs in one. I cleared the sessions history just now, in case I have to do another one.

 

OK, everything looks fine. How is your computer running?

 

So far it 'Explorer not Responding' hasn't occured when I close out an IE window (knocking wood), so I figure I can give you an honest 'You saved me!' report when it doesn't do it for a few days! Thank you so so much! I'll report back in about 2 days and let you know if it's still ok.

 

Shadow -- Everything is still running great, and there has not been one occurence of 'Explorer not Responding', since I last posted. I want to thank you for taking the time to help me resolve this problem. Cheers!

 

You're welcome.