Help please - Deluxe Communications and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by Twofine, Apr 8, 2007.

  1. Twofine

    Twofine Private E-2

    Please help if you can, my machine is trashed. I followed your instructions before posting the best I could (online work is nearly impossible.) Thank you.


    System Info: Compaq Presario 5400, Intel Celeron
    Windows XP Home Edition 2002

    Problem: infection with Deluxe Communications, webbuying, www.in-t-e-r-n-e-t.com and/or other Malware?

    Symptoms: cascading popup ads for antivirus/antispyware, free music, etc.; hijacking of browser pages in use; spontaneous propagation of browser pages; spontaneous reboots; browser shutdowns; massive system slowdown; unfamiliar requests to connect to internet when disconnected; rundll errors, ie_updater errors, unfamiliar/hostile programs in msconfig startup

    History: DXC not found by AVGAV or SpyBot, although many others were; found by AdAware but unable to delete; found along with other stuff by SuperAntiSpyware and deleted but appears again instantly; Windows Add/Remove Programs does not list; attempts to uninstall using \u don't work; files can't be deleted as they are "in use"; removed from startup using msconfig but instantly reappears (DXC files)

    All procedures done in Safe Mode except those requiring internet connection (dial-up connection not available in Safe Mode)

    1) Emptied quarantine for SuperAntiSpyware
    Deleted all quarantines from AdAware
    (could not find quarantine folders for Spybot S&D 1.4)
    Emptied recycle bin for user & admin
    Ran CCleaner for user account
    Ran CCleaner for admin account

    2) Enabled view of hidden files and file extensions for user and admin accounts

    3) Only AVG AV running

    4) Installed GetRunKeys
    Installed ShowNew

    5) SpyBot present, updated, ran

    6) Configured and ran AVG anti-spyware per instructions

    7) Unable to update virus definitions for BitDefender after many hours of trying (intermittent browser shutdowns); scanned anyway; unable to complete a scan, locked up (note: found trojans in Temporary Internet Files, even after deletion of all files, because of spontaneous malware browser pages opening during scan!)
    Scanned with PandaScan. Was able to update and begin scan, about 20% complete, indicating 10 spyware files found, no details, then browser hung

    8) Installed HijackThis, renamed exe file to "analyze.exe", set msconfig to normal startup and ran (log attached)

    9) Ran GetRunKeys and ShowNew (logs attached)

    10) Verified that DXC files, webbuying files, etc. are still in msconfig startup - yes.


    Attachments:

    AVG Anti-Spyware log
    GetRunKey log
    ShowNew log
    HijackThis log

  2. Twofine

    Twofine Private E-2

    hijackthis logfile attached

  3. Twofine

    Twofine Private E-2

    No, I'm not bumping!

    Just to say - since this machine is SO hosed, and since it's a holiday and you're backlogged anyway, I decided to run ActiveKillDisk and reload the OS instead of trying to repair.

    I will follow your "avoiding malware" recommendations. I still don't know how this happened to me - I run virus/spyware stuff, but I use the Windows firewall. I'll install ZoneAlarm this time instead.
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    That would be a good idea! You had a lot more problems than Deluxe Communications!
  5. Twofine

    Twofine Private E-2

    Yep - and it all seemed to happen in 24 hours. The earliest file creation dates I saw were 7:45 a.m. At that time I would normally be reading normal e-mail (not opening any attachments and not using Outlook Express) and visiting several reliable forums. It completely blew up after that.

    Will there ever be a way to know what I did or where I went that made this happen? I would sure like to never do it again. (I mean besides following your recommendations in the Avoiding thread.)
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Only you know where you were and what you clicked on. You could have looked in your history before it was cleaned to help you refresh your memory. The problem is that most people do not really pay close attention to what they are clicking on. Sometimes the answer to a popup may be the exact opposite of what you would expect and you have to read carefully to know that. Other times there is no correct click!! You just need to immediately have your firewall block the internet completely and then terminate all browsers via Task Manager or another process killer.

    The infection may have occurred at a different time than the file creation dates you saw. It is rather easy for a program to set the file dates to anything it wants.

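The point chaslang makes in the last reply, that file dates are not trustworthy evidence of when an infection happened, is easy to show. The following is an added example, not code from the thread or from any of the tools named in it: it creates a throw-away file, then rewrites its access and modification times to a constructed date (1 January 2005, 07:45 UTC, an assumed value) with the standard `os.utime` call, and shows that `os.stat` afterwards reports the fake time. It also includes a small consistency check of the kind an investigator would apply instead of trusting the timestamp alone: a file cannot honestly predate an event it must have come after.

```python
import os
import tempfile
from datetime import datetime, timezone


def timestamps(path):
    """Return (atime, mtime) of path as integer Unix seconds, as reported by stat()."""
    st = os.stat(path)
    return int(st.st_atime), int(st.st_mtime)


def backdate_file(path, when):
    """Rewrite the access and modification times of path to the Unix timestamp `when`.

    This needs no special privilege: any program that can write the file can do it.
    On Windows the creation time shown in Explorer is just as easy to rewrite
    through the SetFileTime API; os.utime only covers atime/mtime.
    """
    os.utime(path, (when, when))
    return timestamps(path)


def timestamp_conflict(claimed_mtime, earliest_possible):
    """True when a file claims to have been modified before an event it must
    post-date (for example the install date of the OS, or a log line that
    first mentions the file). A conflict means the timestamp was tampered with."""
    return claimed_mtime < earliest_possible


def demo():
    """Create a sample file, record its real mtime, backdate it and compare.

    Returns a dict with the real mtime, the mtime stat() reports after
    backdating, the fake value that was written, and whether the
    consistency check flags the file.
    """
    # Constructed fake date: 07:45 on 1 Jan 2005, UTC (assumed value).
    fake = int(datetime(2005, 1, 1, 7, 45, tzinfo=timezone.utc).timestamp())

    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".txt") as f:
        f.write("constructed sample content\n")
        path = f.name
    try:
        _, real_mtime = timestamps(path)          # the true time of writing
        _, claimed_mtime = backdate_file(path, fake)
        return {
            "real_mtime": real_mtime,
            "claimed_mtime": claimed_mtime,      # what stat() now says
            "fake": fake,
            # The file was actually written now, so anything earlier is a lie.
            "flagged": timestamp_conflict(claimed_mtime, real_mtime),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    result = demo()
    for key, value in result.items():
        print(f"{key}: {value}")
```

On NTFS the `$STANDARD_INFORMATION` timestamps that Explorer and `stat()` show are the ones a program can set freely; the separate `$FILE_NAME` timestamps in the MFT record are not exposed to that API, so forensic MFT parsers compare the two to spot backdated files. For a user without such tools, the practical lesson is the one in the reply above: treat file dates as a hint, not as proof of when the machine was compromised.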