need help cleaning out multidropper and newwin32

Discussion in 'Malware Help (A Specialist Will Reply)' started by hotrod my pc, Mar 23, 2006.

  1. hotrod my pc

    hotrod my pc Private E-2

    I need some help, please. I was originally infected with the multidropper-bu virus. My own fault of course. There is no info on this variant of multi-dropper. But in the process of running through the cleaning process I picked up another one while using Panda ActiveScan called newwin32.

    Ok I ran through the READ ME AND RUN THIS FIRST sticky thread. I am going to give you a list of what I did or did not do for each step.
    special procedures link
    I looked at the special removal procedures link and looked through the programs a bit. I did not think at that time that there was anything there that could help me. Could be wrong. I know how to use a computer but I have never been this deep into one before.

    Online Virus And Trojan Scanning
    I have dial up so I rebooted my computer and ran in normal mode for this step.

    uninstalling malware through add remove programs
    I did not see anything that was really suspicious to me. Is there a way to post a log of Add/Remove Programs?

    I did not disable system restore yet as instructed because the problem is not fixed.

    Enable viewing of hidden files, system files and file extensions
    Did that

    Do not use Multiple Antivirus Applications
    I got a shareware copy of System Mechanic which had a firewall and Kaspersky anti-virus. But as of this posting I have McAfee only on my PC at this time; all others are uninstalled.

    Downloading Tools
    All tools in this sticky downloaded. But I had trouble with a couple of them. Spybot would not update itself and I tried to use the fix suggested in the post but it would not work.
    Microsoft Windows Defender would not install because it said my copy of Windows was not validated. I am going to see if I can fix this. I will put the results in my next post. But for now it's not working.

    Cleaning Malware
    I rebooted into safe mode and began the cleaning process as instructed. I think I goofed here because I only have logs from the ActiveScan. Sorry, I am still new at this. When I used the programs in this step it did clean out several things. It seems that System Mechanic was infected with something, as were several registry keys. If I have to go through the process again I will try to keep a diary of what came up and what I did.

    Online Virus And Trojan Scanning
    Ran BitDefender; log will be attached. Hope it's the right one.
    I used Internet Explorer for both of these programs. I wish I did not have to because I have moved to Firefox, and while I was running Panda ActiveScan I contracted another virus that McAfee alerted me to but would not clean, quarantine or delete.
    It kept asking me if it was write protected. This is the same problem as what happened with multi-dropper. When I use McAfee anti-virus to scan for viruses it does not detect multidropper. I am assuming it will do the same with polywin 32. I will do a scan with McAfee and see if that is so. I typed the info that McAfee gave me about polywin into a text file. I will attach that as well.

    HijackThis log posting
    I have not done this yet because I was told you can cause some damage if you don't know what you are doing with this program. I am not afraid to learn how to use this program, I just want to be careful. My goal in all this is not just to clean out an infection but also to learn more about my computer so I can use it better and keep it running better. So I am not afraid to proceed.

    I have tried to proceed up to this point to the best of my ability. I will attach all the logs I have up to this point; any help you can give me will be appreciated.
     


  2. hotrod my pc

    hotrod my pc Private E-2

    I have an update: I was finally able to get Windows Defender to install. I am still not able to get it to update.
     
  3. hotrod my pc

    hotrod my pc Private E-2

    I was a little reluctant to use this tool but I suppose as long as I don't change anything without advice I should be OK. Here is my HijackThis log. :)
     
  4. hotrod my pc

    hotrod my pc Private E-2

    I am trying to post the log for HijackThis but it won't seem to attach. :confused:
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try putting it in a ZIP file if you know how to do that. And attach the ZIP.

    Otherwise post it inline and I will change it for you.

    And here is how you get a log from Add/Remove programs! ;)
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Your BitDefender log was not the correct log. It was only a summary which is not useful.
     
    Last edited: Mar 24, 2006
  6. hotrod my pc

    hotrod my pc Private E-2

    OK, I have both files but the HijackThis uninstall log is not complete. I will give you what I have but I will have to go back and write a text file later. I don't have time now, someone wants the phone. Sorry.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you ZIPing the files?

    Why is the uninstall log not complete? HJT cannot make a partial log so I don't know what you mean.

    Were you running Task Manager when you got the HJT log? Why? It should not be running!

    There are no malware issues in your HJT log but you could fix the two below lines (I assume you do not need the Symantec line since you use McAfee):


    Also you should delete the two below files:
    The only items to delete from the logs in message # 1 are:
    C:\Documents and Settings\compaq_Owner\Local Settings\Temp\tmp00006506 <-- in fact it would be best to delete all Files and sub-folders in the Temp folder. It may not let you delete certain files. Just delete all that you can.
    C:\WINDOWS\SYSTEM32\MYDLL.dll
     
    Last edited: Mar 25, 2006
  8. hotrod my pc

    hotrod my pc Private E-2

    you asked "Why are you ZIPing the files"?

    I know you said to zip my HJT log. I guess I zipped both of the files just to be certain you got them this time. :)

    you said"Why is the uninstall log not complete? HJT cannot make a partial log so I don't know what you mean."

    I do not know why it was not complete. I just know that when I compared the log to the list that comes up not all the items there were on the list.

    You said"Were you running Task Manager when you got the HJT log? Why? It should not be running!"

    I did not know that it made a difference that I was running Task Manager while doing HJT. I usually run it so I can keep track of the load there is on the CPU while I am using my comp. Also I open it when I start up my computer because I have a program called PaperPort that keeps trying to install itself every time I start my computer. I would let it install itself and then uninstall it if I could, but it keeps asking for a CD that I do not have. So I usually go into Task Manager and kill it by selecting it and then hitting the End Task button. I have to do that about 4 or 5 times before it gets the hint.

    you said "There are no malware issues in your HJT log but you could fix the two below lines (I assume you do not need the Symantec line since you use McAfee):"

    What symantec lines? Please include them you forgot to. :)

    you said "Also you should delete the two below files:"

    I deleted the DLL but for some reason I could not find the temp folder that I was supposed to delete when I went back to look for it. It's not where it's supposed to be. I know McAfee detected both infections but could not clean them. I have done some reading and I think that these are the possibilities.

    1. McAfee had some false positives. I have not seen that happen yet but I suppose it is possible, because when I went to look up info on the viruses that I was supposedly infected with I could not find much info on them. The 1st one I was infected with was multidropper-bu. I could find info on the generic version of that virus and its other versions but none on that one.
    The second, newpolywin32, I could find no information about at all.

    2. It could be a kernel virus, which means I have to go deeper in my search to eliminate it. Those are the possibilities as I see it. If you could think of any more please let me know. I want to make sure this comp is clean so it does not become so messed up that it won't function. I also want to make sure that there is nothing on here that could steal my personal information because I do some of my banking over the net. Is there any program that would help me find out if I have a keylogger or other identity stealing virus?

    I have also been making a list of the processes found in Task Manager and then going to Google to see if any of them were processes linked to a virus, and I think I have found one called crss.exe. I turned up this web site
    http://www.liutilities.com/products/wintaskspro/processlibrary/crss/
    that said it was part of the W32.AGOBOT.GH Worm. I recently downloaded Process Manager from this site and I was wondering if there was some way to use it to disable that process without getting rid of it, before I am sure that doing so won't hurt my system.

    Anyways these are the programs that were on the HJT uninstall log
    Ad-Aware SE Personal
    CCleaner (remove only)
    GameDrive
    Google Toolbar for Internet Explorer
    HijackThis 1.99.1
    iolo technologies' System Mechanic 5 Professional
    McAfee SecurityCenter
    McAfee VirusScan
    Mozilla Firefox (1.5.0.1)
    NVIDIA Drivers
    Panda ActiveScan
    PCI Audio Driver
    Quicken 2006
    Sid Meier's Civilization 4
    Spybot - Search & Destroy 1.4
    Windows Defender
    Windows Defender Signatures

    These are the programs that it did not include.
    Acrobat Reader 6.0.2 update
    Acrobat Reader 6.0.1
    Civilization 3 <-- currently uninstalled but shows up on the list anyway.
    Docucom PDF core library
    Easy Internet Sign-up
    HP Boot Optimizer
    HpSdpAppCoreApp
    iTunes
    J2SE Runtime Environment 5.0
    Microsoft .NET Framework 1.1 and its updates
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition installer
    Microsoft Plus! Photo Story LE
    Microsoft Works
    MSXML 4 parser
    PaperPort and its printer driver
    PC-Doctor for Windows
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow, RecordNow Copy, RecordNow Data and its update manager
    Stealth Surf Pro
    And WebFolders XP

    These were all for some reason not included in the log that HJT produced. I do not know why. Anyway, these programs should not have caused a problem, but I included them here just on the off chance that you might spot something that I did not.

    That about covers everything up to this point. I hope I have not given you too much, and as always any help you can give me will be greatly appreciated. :)
     
  9. hotrod my pc

    hotrod my pc Private E-2

    One last thing I forgot to include about the process crss.exe was that if I go into Task Manager and try to close it using the End Process button it won't let me. I get a popup window that says it's a critical process.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But zipping should not be necessary at all unless the logs are too big to upload. I don't know what you were doing before but you should be able to directly attach the files without zipping.

    Please learn to use Quotes properly! They are built into the message editor. Your messages are too hard to read when you do not quote my previous messages that you are commenting on. Look how this message looks and see what I mean. This is easier to pick out your info and my info.

    I quote from the HijackThis link where info was given on downloading, installing and running:


    This is very important for many reasons that I do not have time to discuss, but one reason is that malware can run things like this and we want to make sure malware is not doing it. So the best thing is for you to not run things like Task Manager, Notepad, and the things mentioned above (browsers too, because many forms of malware will open hidden browser sessions).

    I did not forget to include them. I needed an answer to whether you want Symantec or McAfee. I assumed McAfee. You will not be able to just fix the lines. Special procedures will be needed.

    Not true! That temp folder will always exist as long as the user account name mentioned exists.


    Be careful what and how you read things and also how you spell them. Did you mean csrss.exe? It is a valid Windows Process but only if running from c:\windows\system32. I know you are given a link to crss.exe which is malware but what did you see on your system. I bet it was csrss.exe not crss.exe.
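    The two checks chaslang describes above, that a core Windows process is only legitimate when it runs from C:\WINDOWS\system32 and that a name one letter off (crss.exe vs. csrss.exe) is the thing to look for, can be automated instead of eyeballing Task Manager. The script below is an added example, not a tool from the thread or from MajorGeeks. It parses the CSV that `wmic process get Name,ExecutablePath /format:csv` prints on Windows XP (assumption: wmic emits a header row naming the properties, which is why the parser keys on column names rather than positions), and the sample rows are constructed by hand so the script runs anywhere. The Temp-folder rule is a heuristic added here because the thread's only actual malware hit lived under Local Settings\Temp; the edit-distance threshold is likewise an assumption, not a published rule.

```python
"""Flag processes whose name or on-disk path does not match the Windows
system binary they resemble (e.g. crss.exe vs. csrss.exe).

Added example, not part of the thread. Input is the CSV that
`wmic process get Name,ExecutablePath /format:csv` prints on Windows XP;
the sample at the bottom is constructed by hand so this runs anywhere.
"""
import csv
import io
import ntpath

# Core Windows XP processes and the directory each must load from.
# Assumes %windir% is C:\WINDOWS; paths are compared case-insensitively.
WINDIR = r"C:\WINDOWS"
EXPECTED_DIR = {
    "csrss.exe": WINDIR + r"\system32",
    "smss.exe": WINDIR + r"\system32",
    "winlogon.exe": WINDIR + r"\system32",
    "services.exe": WINDIR + r"\system32",
    "lsass.exe": WINDIR + r"\system32",
    "svchost.exe": WINDIR + r"\system32",
    "explorer.exe": WINDIR,
}


def osa_distance(a, b):
    """Optimal-string-alignment edit distance (Levenshtein plus adjacent
    transposition), so 'scvhost' is one edit away from 'svchost'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_wmic_csv(text):
    """Parse wmic /format:csv output into (name, path) pairs.

    wmic prefixes its CSV with a blank line; DictReader keys off the
    header row, so the column order does not matter.
    """
    rows = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        rows.append((row["Name"], row["ExecutablePath"] or ""))
    return rows


def classify(name, path):
    """Return a verdict string for one running process."""
    lname = name.lower()
    lpath = path.lower()
    if lname in EXPECTED_DIR:
        if not path:
            return "unverified: no path (access denied or kernel process)"
        if ntpath.dirname(lpath) != EXPECTED_DIR[lname].lower():
            return "SUSPECT: system process name running from " + ntpath.dirname(path)
        return "ok"
    # Unknown name: is it within two edits of a core process name?
    # (heuristic threshold; stems shorter than 4 chars are skipped)
    stem = ntpath.splitext(lname)[0]
    if len(stem) >= 4:
        for known in EXPECTED_DIR:
            if osa_distance(stem, ntpath.splitext(known)[0]) <= 2:
                return "SUSPECT: lookalike of " + known
    if "\\temp\\" in lpath:
        return "SUSPECT: running from a Temp folder"
    if not path:
        return "unverified: no path"
    return "unknown"


def check_processes(rows):
    """Classify every (name, path) pair; returns (name, path, verdict)."""
    return [(name, path, classify(name, path)) for name, path in rows]


# Constructed sample in wmic's CSV layout; not captured from the poster's PC.
SAMPLE = """
Node,ExecutablePath,Name
HOTROD,C:\\WINDOWS\\system32\\csrss.exe,csrss.exe
HOTROD,C:\\WINDOWS\\system32\\svchost.exe,svchost.exe
HOTROD,C:\\Documents and Settings\\compaq_Owner\\Local Settings\\Temp\\crss.exe,crss.exe
HOTROD,C:\\WINDOWS\\csrss.exe,csrss.exe
HOTROD,C:\\WINDOWS\\system32\\scvhost.exe,scvhost.exe
HOTROD,,System
HOTROD,C:\\Program Files\\McAfee\\VirusScan\\Mcshield.exe,Mcshield.exe
"""

if __name__ == "__main__":
    for name, path, verdict in check_processes(parse_wmic_csv(SAMPLE)):
        print(f"{verdict:55} {name:14} {path}")
```

    Run it on a real box by saving `wmic process get Name,ExecutablePath /format:csv > procs.csv` and feeding that file to `parse_wmic_csv`. Note that "unverified" is not "clean": on XP a limited user gets an empty path for processes it cannot open, so a suspicious name with no path still needs a look with a tool like Process Explorer that shows the image path.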
     
  11. hotrod my pc

    hotrod my pc Private E-2

    OK, I know it's been a while, but please excuse my absence. My comp has stayed relatively clean of any threats. But there is one last thing I need to do before I can move on. I need to make sure that my comp has not picked up any keyloggers or other identity theft tools. I want to buy a copy of Windows XP Pro online because I am going to do a clean install of XP onto a hard drive I have bought. I want to make sure that there are no bad apps running on my comp that can steal my financial data. So I need some advice on what program I could use to detect those kinds of programs. Or would the ones in the READ ME AND RUN ME FIRST do the job?

    I have learned my lesson. Thanks for the help.:)
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, the online scanners in the Read Me will detect key loggers.
     
