Start up virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by dmsee, Dec 23, 2007.

  1. dmsee

    dmsee Private E-2

Hello, it all started when someone was allowed to download Malware Alarm, which was a virus. I have ZoneAlarm. I did all the cleanup using the programs listed. I have one problem, and it is when I start up the system this window comes up. If you click OK it will boot like normal. I assume this is some sort of spyware.
    http://i20.photobucket.com/albums/b213/dmsee/DSC02404.jpg
    Hijackthis2.0
    Smitfraudfix
    Vundofix
    CCleaner
    Cleanup! 4.5
    MSConfig Cleanup
    Trojan Remover
    AVG Anti-Spyware
     
  2. dmsee

    dmsee Private E-2

I also turned the system restore off and tried, but it didn't work either. This was suggested by another user.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually this was a bad idea! You should have tried doing a restore to a point in time before the problem began. Now you have no restore points and this is no longer an option. This may not be so easy to fix since problems like this can be very hard to find.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  4. dmsee

    dmsee Private E-2

I attached the logs.
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Please attach the MGlogs.zip file that was requested. You should not attach any logs from inside of the MGtools folder. Only attach the log that was requested.
     
  6. dmsee

    dmsee Private E-2

Sorry.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

That is not the complete log file. Are you sure this came from C:\MGlogs.zip, or did you make this ZIP file yourself? Also, are you checking to see if you are receiving any of the error messages indicated on the download page for MGtools?
     
  8. dmsee

    dmsee Private E-2

Yes, that's all I got.
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

I repeat my question.
And here are a couple more questions:
    1. Do you see the C:\MGtools folder?
    2. If you answered yes to the above question, look for the below files and tell me if you see them:
      • C:\MGtools\hijackthis.log
      • C:\MGtools\newfiles.txt
      • C:\MGtools\procdll.txt
      • C:\MGtools\runkeys.txt
Now continue with these instructions. Click Start, Run, enter cmd and click OK. This will open a command prompt window. In the command prompt window, enter the below commands in black bold print, each followed by the Enter key.

    cd c:\MGtools
    GetRunKey.bat

    Note that there is a space after the cd.

Tell me what happens when you run GetRunKey.bat. Did you get any error messages? Or did a Notepad window eventually open with the runkeys.txt log, and does the final part of the command prompt window look like the below?
    Code:
    C:\MGTools\temp\xrkey06.txt
     
    C:\MGTools\temp\xrkey07.txt
     
    C:\MGTools\temp\xrkey08.txt
     
    C:\MGTools\temp\xrkey10.txt
     
    C:\MGTools\temp\xrkey12.txt
     
    updating: runkeys.txt (208 bytes security) (deflated 83%)
    All finished getting Run Keys.  The log is in C:\MGtools\runkeys.txt
     
    C:\MGtools>
     
  10. dmsee

    dmsee Private E-2

    What download page are you talking about?
Yes, I checked MGtools and it is in C:.
* C:\MGtools\hijackthis.log YES
* C:\MGtools\newfiles.txt NO
* C:\MGtools\procdll.txt NO, I SEE Processdll.exe
* C:\MGtools\runkeys.txt NO
It did the same sequence as you typed in the code, but it never opened the .txt file.
     

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

The one given in the READ and RUN ME when you run the procedure for cleaning your Windows XP system. In step 2, the fourth bullet list item says:
This is where how to use MGtools is explained, and this is where the possible error messages are explained.

    Please run the C:\MGtools\ShowNew.bat program by double clicking on it. Then attach the below two logs:

    C:\MGtools\hijackthis.log
    C:\MGtools\newfiles.txt

    Also put MSconfig into normal startup mode as requested in the READ and RUN ME.
     
  12. dmsee

    dmsee Private E-2

No, I never got any error messages.
Here are the files you asked for.
     

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Then it seems like you did not let the procedure run until it completed. Try running C:\MGtools\GetLogs.bat and don't interrupt it. Let it run ALL the way through to the end.
The command prompt window will look something like the below when the scans are finished:

    http://forums.majorgeeks.com/attachment.php?attachmentid=78790&d=1198613293


Now, do you have a C:\MGlogs.zip file that contains all of the logs?


    Who asked you to download SilentRunners? Are you working on another website too?

    The logs you have posted thus far do not show any malware issues. I see no malware reasons for a popup however that does not mean that it is not malware. It just means that whatever it is does not show in any logs posted. It may or may not be malware related.

    However, you should do the below.

    Delete the below files
    Code:
    "C:\Documents and Settings\Dimon\Local Settings\Temp\"
    aax19.tmp     Dec 25 2007       30520  "AAX19.tmp"
    aax1e.tmp     Dec 24 2007           0  "aax1E.tmp"
    aax1f.tmp     Dec 24 2007           0  "aax1F.tmp"
    aax20.tmp     Dec 24 2007           0  "aax20.tmp"
    drm_dy~1.dll  Dec 25 2007      212992  "drm_dyndata_7330014.dll"
    MOD1D.TMP     Dec 24 2007              "mod1D.tmp"

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run this Running GMER to detect rootkits and attach the requested log from GMER.
     
  14. dmsee

    dmsee Private E-2

    I have a few guys who are trying to help me.
     

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I edited my message to add more to do. Please re-read.

    This is not a good idea. You should only work in one forum at any given time. Take your pick where you wish to work and continue working on that site.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So apparently you were not allowing MGtools to finish running. ;)
     
  17. dmsee

    dmsee Private E-2

Here you go.
     

    Attached Files: log.txt (122.8 KB)

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

I see a couple of strange things in your GMER log, but I doubt they are the cause of that popup window you get at startup. One of the things I see is a bunch of files related to Kaspersky. Did you have Kaspersky installed at one time and uninstall it? Did you uninstall it before installing AVG Free?

Another thing I see is a reference to a driver named at0ims1f.SYS, but the file is said not to exist.

    Download Registry Search (see the link titled RegSearch Download Link)

* Extract the files from Regsearch.zip into a folder.
* Double-click regsearch.exe to start the program.
* Enter at0ims1f in the top area of the form and then click "OK".
* Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file to your next reply.



    You should consider using System Restore to return to a restore point before the time when your problem began. This may be the best and fastest solution. We may not be able to find your problem because it could just be due to something that was changed in the registry and this may not be detectable by any scans or other tools we run.
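The check being done by hand above (a driver entry whose file no longer exists, followed by a registry search for its name) can be scripted. The following PowerShell script is an added example, not code from the thread or from any tool it mentions: it walks HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath and reports entries whose binary is missing, then searches that tree for a name (at0ims1f from the GMER log above is assumed as the search term). Run it from an elevated prompt on a current Windows/PowerShell version.

```powershell
# Added example (not from the thread): list service/driver registry entries whose
# binary is missing, then search the Services tree for a name, as RegSearch would.
param(
    [string]$SearchTerm = 'at0ims1f'   # name taken from the GMER log quoted in the thread
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Normalize the ImagePath spellings Windows uses into one absolute file path.
function Resolve-ImagePath([string]$imagePath) {
    if ([string]::IsNullOrWhiteSpace($imagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($imagePath.Trim())
    if ($p.StartsWith('"')) {
        $p = $p.Split('"')[1]                        # "C:\Program Files\x\y.exe" -k args
    } else {
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }  # C:\...\svchost.exe -k netsvcs
    }
    $p = $p -replace '^\\\?\?\\', ''                  # \??\C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot # \SystemRoot\system32\drivers\x.sys
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

# 1. Entries whose ImagePath points at a file that does not exist (orphaned entries).
Write-Host "Services/drivers whose binary is missing:"
Get-ChildItem $servicesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    $path = Resolve-ImagePath $props.ImagePath
    if ($path -and -not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Name = $_.PSChildName; Start = $props.Start
                           ImagePath = $props.ImagePath; Resolved = $path }
    }
} | Format-Table -AutoSize

# 2. Search key names and values under Services for the term.
Write-Host "Keys and values under Services mentioning '$SearchTerm':"
Get-ChildItem $servicesKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    if ($key.PSChildName -like "*$SearchTerm*") { $key.Name }
    $key.GetValueNames() | ForEach-Object {
        $v = $key.GetValue($_)
        if ("$_ $v" -like "*$SearchTerm*") { "$($key.Name) : $_ = $v" }
    }
}
```

An orphaned entry by itself is often just leftover from an uninstall; it is worth attention mainly when the service is set to start (Start 0 to 2) and the file is missing or recently created.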
     
  19. dmsee

    dmsee Private E-2

I never ever had Kaspersky installed.
     

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Someone had Kaspersky installed at some point, or someone ran a Kaspersky Online Scan. You can delete the below files from it:
    Code:
    "C:\WINDOWS\system32\drivers\"
    fidbox.dat    Dec 25 2007    15872032  "fidbox.dat"
    fidbox.idx    Dec 25 2007      188048  "fidbox.idx"

    The log from RegSearch did not reveal anything.

    There is nothing in any of your logs showing malware that we could do anything about. As I suggested in my previous message, you should look into trying System Restore. Other than that, you may want to try posting in the Software Forum.
     