Malware problems

Hello all. Lately my computer has been acting strange. I have 3 problems I would like to address. First off, when I turn on the pc, the first thing that shows up on the windows desktop is an error msg saying: "The C:\WINDOWS\Start Menu\Programs\Startup\MSWIN--655001930.EXE file appears to be corrupt, Reinstall the file, and then try again." Then a second msg box appears after I click ok on the first one. The second msg states: "Windows cannot run this program because it is in invalid format." I don't know what this all means, but I'm sure you do. My second problem is Internet Explorer. It doesn't show pictures or symbols on the web anymore. I have to right click the icon, then show picture. I think that a file I downloaded from the web might have had a trojan and is causing this. It gets pretty annoying sometimes. The third problem is that ad-aware is finding a lot of malware during full system scans, but when I try to remove the problems, all I ever get is a "Sorry some objects could not be removed, try closing all browser windows prior to the removal. If this does not help, reboot and run ad-aware again." Surely I reboot and run again, but the same problem occurs time after time, every time. Win32.Trojan.Downloader and WinAD are only some of the many junk ad-aware finds in my system and I would like the computer to act normal for once. Oh and one more thing, I was wondering if Registry Cleaner is a program to be trusted or just another threat. I can't seem to get rid of that either. Thank you for your time, I would appreciate a response to this post.

 

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gifWhen you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

• CounterSpy
• AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
• Bitdefender - from step 6
• Panda Scan - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Having some trouble finding getrunkey.bat and shownew.bat even though I clearly unzipped them to an easy to find folder.

 

I extracted them to c:\WINNT\system32. All I see is 3 program files, autotext.nt and config.nt and command.com. I don't know if I extracted them right.

 

Also system resore doesn't seem to work. I waited for it to work for 3 hours and there was no progress.

 

Here are the first 3 files. Will post the rest soon.

 

Okay, will be awaiting the rest.

 

Here are the rest. But how do I post a panda log?

 

Read step 6 in the thread below, explains everything.

READ & RUN ME FIRST Before Asking for Support

 

We got this message when trying to run the panda online scan:

Error on downloading ActiveScanAn error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try againPossible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

 

It wouldn't have anything to do with disk space, do you have Administrator privileges?

Did you get the popup asking to install the ActiveX control or a yellow menu bar at the top of the browser?

 

Here is activescan. Said I couldn't attach activescan.txt and bitdefender.txt because it exceeds the limit of KBs sent at a time.

 

BitDefender.txt:
Your file of 325.6 KB bytes exceeds the forum's limit of 250.0 KB for this filetype.

Is there any way I could send it smaller?

 

ZIP it and attach it this way, also I need a fresh HJT log since it's been a few days.

 

Ok. Here are the attachments.

 

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL (file missing)

O4 - HKLM\..\Run: [LanzarL2007] "C:\WINDOWS\TEMP\{5BBB8FAA-A66B-43E0-9A90-993E75AA082E}\{D1DA2BA7-2592-4036-9BB2 -DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.17.187/display/PopupSh.ocx

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.

Next Reset Web Settings & Default Security Settings

To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

Note for IE 7 users:
Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

Once you complete this post, reboot and let me know how things are running.

 

Thanks for the help, things are running smoother than before. Should I uninstall ccleaner and counterspy?

 

Yeah, you can uninstall CounterSpy but I would recommend keeping CCleaner or a similiar drive cleaner.

You should see this article on How to Protect yourself from malware!

 

There was one problem with the article. Step 8 Uninstall Microsoft Java and Replace with Sun Java. I got an error saying "Error in advpack.dll Missing entry:" when trying to Run and enter the information. Why is that?

 

Not exactly sure, if you post this in the Software Forum, those guys can help you with it.