Scanning Made Things Worse?

Discussion in 'Malware Help (A Specialist Will Reply)' started by jwalker, Jul 24, 2012.

  1. jwalker

    jwalker Private E-2

    My e-mail account was hacked over the weekend -- someone is sending thousands of spam messages and I'm getting all the delivery failure notices (most to domains like 163 dot com or 126 dot com, or in Japanese/Chinese/Korean language). My host provider advised me to scan my computers for viruses, malware, etc. I ran a scan with Avast Antivirus, which found nothing, and Malwarebytes, which found three adware files that I deleted with the program. (I have also changed the password to the email three times, and changed the cpanel password. The e-mails are still being sent.)

    I decided to do a deep scan to be sure there wasn't anything on this computer, so followed the instructions in the READ & RUN ME FIRST thread, then the Windows XP Malware Removal thread. After I ran RogueKiller, and while HitManPro was running, I lost the ability to click on links in the threads, and the ability to open new tabs in IE. I also cannot open programs by clicking on their icons, either in the Start Menu or on the desktop. If I right-click and choose "Open", they will start. However, IE either starts, flashes, and closes right away, or it starts and hangs, never connecting to the home page. (I do go through the control panel and reset all the IE options to default.)

    I tried to do a system restore, but it says it can't restore to a previous point because nothing has been changed on my computer.

    Anyway, once I figured out the right-click and "Open" worked I ran MGTools to finish up the process here. Attached are my reports. I also just re-ran Malwarebytes (since I'd run it overnight last night) and it found nothing.

    Any help would be greatly appreciated!
     


  2. jwalker

    jwalker Private E-2

    Here's the original MBAM log. I did a full scan, rather than quick scan, and included my networked drives.
     


  3. jwalker

    jwalker Private E-2

    Oh! Fixed the shortcuts not working issue with the info from doug knox dot com. IE is still opening, flashing, and closing (and, of course, there's still the e-mail problem!).
     
  4. thisisu

    thisisu Malware Consultant

    Hello jwalker

    It does not seem that your computer is infected with anything as is the case when someone has hacked your e-mail. They only need your e-mail login and password, not to infect your computer.

    Here are my recommendations to look a bit deeper and probably fix some leftover Windows issues:

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Advanced SystemCare 5
    • avast! Free Antivirus
    • Comodo Dragon
    • COMODO Internet Security
    • Free Download Manager 3.9
    • IObit Toolbar v6.1

    __

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    __

    I want you to read and follow these instructions: TDSSKiller - How to run

    __

    And most importantly, upgrade to Windows XP Service Pack 3 ==> Microsoft Windows XP Service Pack 3 Final
    This will probably fix the remaining Windows quirks you may be experiencing.
     
  5. jwalker

    jwalker Private E-2

    Thanks for the input! I have been trying to install Service Pack 3 all day today -- not much luck! I'll get to that in a minute....

    I had already uninstalled the IObit Toolbar and can uninstall the other programs, but then what do you suggest for an antivirus and firewall if I uninstall Avast and Comodo?

    I ran the Disable/Remove Windows Messenger and got a successful result on that.

    I ran TDSSKiller and got 14 or 15 suspicious files; the log is attached.

    I somehow got past the IE "flashing" problem but now it starts and hangs before it even connects (the tab just says "Connecting...." and I get the "(Not Responding)" message). I uninstalled it (had to do that in Safe Mode, as it kept restarting my computer in normal mode) and then reinstalled it. (This is IE8.) Still having the same problem. One of the tips from MS was to install SP3 (which I honestly thought I already had!) so I've been working on that, like I said, all day. It only gets to "Inspecting" and then I get an "Internal error occurred" message. I've used the file through Windows Update, I downloaded the file directly from Microsoft, and I'm downloading the file from you guys to try that one next!

    In trying to install SP3, I have done everything in the "Steps to take before you install SP3" document from MS and I reset the registry and file permissions per their instructions. I've read the document for the "internal error occurred" message but it does not apply to my situation -- the entries they mention are not in my SP3 log. It appears the error I'm encountering is "DoInstallation: Failed to unregistering spuninst.exe for recovery" so I'm looking for insight on that right now -- if you have any, that would be great!

    (Meanwhile I think I've conquered the e-mail problem; it wasn't the actual e-mail login but a login to a website I host that used my e-mail as the default...still getting some "Undeliverable" messages but now they're from 2-3 days ago rather than 10 minutes ago!)

    Thanks again for the help so far, and any additional you can provide!
     


  6. thisisu

    thisisu Malware Consultant

    Only use one anti-virus, but for troubleshooting purposes, let's remove all of them to see if that improves your system's performance, as your logs are clean.

    Is this the FixIt tool from Microsoft you've already tried? http://support.microsoft.com/kb/949377
     
  7. jwalker

    jwalker Private E-2

    Yes -- well, the FixIt tool didn't work, so I followed the "Let me fix it myself" instructions, but it was from that document, yes.
     
  8. thisisu

    thisisu Malware Consultant

    Have you uninstalled the applications I requested yet? If not, please do so at this time and then retry the Service Pack 3 installation. Let me know exactly which error you receive if it fails this time.
     
  9. jwalker

    jwalker Private E-2

    I uninstalled everything on your list, restarted, and still get the "internal error occurred" message. It seems to happen when the program gets to "checking product key" every time. (I did run the WGA tool and my version of Windows is genuine.)
     
  10. thisisu

    thisisu Malware Consultant

    I think I've seen this type of error before. Definitely pretty rare as I've only seen it once or twice.

    I believe resolution #2 here is what fixed the problem for me (at least in one case): http://support.microsoft.com/kb/949384

    Since this is not a malware-related issue, please post in the Software forum for additional assistance.

    I do recommend uninstalling all of our programs/tools by following the instructions below before trying to get SP3 installed.

    __

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
  11. jwalker

    jwalker Private E-2

    Just wanted to say thanks for all your help! While unfortunately resolution #2 didn't work for me, I appreciate your time and looking over the various reports to ensure I wasn't infected with something -- that was the biggest concern.

    In case someone else having a similar problem runs across this thread, I thought I'd just post how I resolved the issues (IE either opening-flashing-closing or opening and freezing; and the inability to install Service Pack 3 with an "internal error occurred" when checking the product key). After trying everything I found here, on the MS website, and a few other suggestions, I ended up doing a repair installation of Windows XP from the CD. That brought me back down to Service Pack 1 (!) and IE 6 -- but from there, I was able to install SP 3 right away, and then IE 8, and so far everything is again working as it should. (Touch wood!)
     
  12. thisisu

    thisisu Malware Consultant

    Fantastic :)
     
