Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STICKY

Hi Everyone,

I found this site through a Google search, it seems like an amazing resource and a great community. Even though I still haven't fully resolved my laptop issues, I feel like I am learning useful things by following your posts.

My post is a bit long, but I tried to cover everything that seems relevant.

Below is a description of what I think might have caused the issues, description of the issues, what I’ve done so far, and the text logs are attached. Any kind of help or suggestions would be really appreciated.


POSSIBLE CAUSES?:
One or two weeks ago I installed uTorrent and went a little crazy with downloads (MP3’s, TV Series, Programs – specifically Nero). Windows and Internet Explorer as well as Firefox were updated with the latest patches, Windows firewall was turned on, I was using a wireless router, Windows Defender was running and updated, and AVG Free Edition was also running and updated. The first time I downloaded Nero, errors occurred each time when trying to unzip the file. I think this might have been the bogus file? I downloaded another Nero installation file (shareware…of course) and it installed and worked fine. Next time I used my computer, two issues came up.


ISSUES:
1. Pop-ups when using IE, no pop-ups with Firefox.

2. Windows stop error blue screen started appearing forcing a restart. I have no idea if the two issues are related, but both started around the same time. When I ran all the scans in safe mode the blue screen did not come up. In normal boot mode it occurs two or three times a days. As far as I can tell there is no pattern such as it occurring during higher RAM usage or more processing. Searching for the error code online, all I was able to find a posting on a different discussion board that iTunes and Nero compete for the same driver or resource and can’t be installed at the same system. There weren't any replies or suggestions on how to resolve the issue besides uninstalling both programs and picking one to reinstall. I figured it would be a good idea to get rid of all the Malware first and then deal with the blue screen stop error if it’s still there. I’ve also attached the error logs in case they are useful. If it’s not Malware related or not something covered on this forum maybe someone can still point me in the right direction.


WHAT I’VE DONE SO FAR:
- Ran AVG (normal boot mode), it did not find anything.
- Ran Windows Defender (normal boot mode), did not find anything.
- Ran Lavasoft Adaware a couple of times (normal boot mode), it found some objects but froze while scanning restore points and the program had to be shut down.

- Followed all steps in the READ & RUN ME FIRST Sticky. The logs and brief comments are below

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Ran CounterSpy in Safe Mode logged in as Administrator. It found WhenU.SaveNow Adware and deleted it.

Ran Bitdefender and Panda ActiveScan in Safe Mode with Networking Support via IE. Don't think Bitfender found anything. Panda found 4 objects.

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Ran GetRunKey, ShowNew, and HijackThis in normal boot mode



Thanks in advance.

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Quick Update:

AVG just ran in the background. I can't export the test results but it did the following:

- Deleted a restore file from C:\System Volume Information\ that was marked as infected with Trojan horse Generic2.NFY

- Changed kernel32.dll and shell32.dll from C:\windos\system32\

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Blue Screen Stop Error

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Thanks for replying.

The files in C:\Windows\ seem to be part of Aventail. When I click on properties on each file it lists aventail. Except for ngmsi.dll and ngutil.exe there is nothing listed under properties.

O4 - HKCU\..\Run: [Countdown countdown.ini] "C:\Documents and Settings\Mirabel\My Documents\Downloads\countdown\countdown.exe"
--- Part of a desktop countdown timer

O4 - HKCU\..\Run: [scrbleh]
C:\DOCUME~1\Mirabel\APPLIC~1\CLOCKP~1\Casttrans.exe
--- No idea what this is. Deleted the entire folder.

O8 - Extra context menu item: -> TimelyWeb - C:\PROGRA~1\EldoS\TIMELY~1\IEPopupExtension.html
--- Seems to be part of Timelyweb, installed the program some time ago.

O9 - Extra button: TimelyWeb - {23315657-D3F3-4894-918E-F705AADED27D} - C:\PROGRA~1\EldoS\TIMELY~1\IEToolbarExtension.html (HKCU)
--- Seems to be part of Timelyweb, installed the program some time ago.


C:\Program Files\DAEMON Tools\SetupDTSB.exe
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
--- Deleted all these files


Popups are still there. Please let me know if you have any other suggestions or what other tests I should run.

Thanks.

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

I also ran spy sweeper, since I only have the trial version it did not let me disinfect but the log is attached. It looks like it found a couple of Trojans. Maybe the log will help.

Please let me know what you think.

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Thanks for replying and your help so far.

I deleted WhenU from firefox extensions and there was no C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}

Ran AVG Anti-Rootkit and did the in depth scan, didn't find anything.

Couldn't get ServiceFiler to run. When I click on ServiceFilter.vbs it tells me the version and then there is a Windows Script Error (Line: 157, Char.:7, Error: This key is already associated with an element of this colleciton, Code: 800A1C9, Microsoft VBScript Runtime error). Unzipped again same error. Disabled internet, all AV and spyware software but still the same error. And tried running it in Safe Mode logged in as Administrator but still the same error.

Wasn't sure if you still wanted me to do the registry fix, so I did not do it just to be safe.


Other things I did in the meantime:

Googled "trojan-backdoor-rustock" from the spy sweeper log. Found info that it may cause the blue screen windows stop error. Downloaded and ran McAfee Stinger 2.6.

Ran a bunch of different programs I found in hopes it might remove something. None of them really removed anything but cookies. One of these programs called "trojan hunter" does a fast scan when my computer boots up and I get the following error messages. Can't access following files: C:\WINDOWS\System32\Drivers\dtscsi.sys,
C:\WINDOWS\System32\Drivers\sptd.sys and can't find C:\WINDOWS\system32\drivers\tifm21.sys. I hope some of this might be useful and did not screw anything up.

There are no pop ups (I don't know if this is due to all the anti-spyware stuff running) and there are no more blue screen errors. But spysweeper still shows "trojan-backdoor-us15info". Latests log is attached.

Thanks again.

 

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Thanks again for your reply.

Service Filter worked fine. The log is attached. I also did registry fix as instructed.

Everything seems to running good with no pop ups. My only concern left is the "trojan-backdoor-us15info" that Spy Sweeper still finds. The latest Spy Sweeper log is also attached.

Please let me know what you think.