Stopguard malware, Altnet?

I need further help. I have read many of the posts and done all of the recommending fixes prior to this posting:
Safe Mode Scans:
Trend Micro - clean
Symantec Security - found Trojan.Vundo - downloaded removal tool which removed it
AVERT Stinger - clean
AdAware SE - found 1 AltnetBDE, 8 Virtumundo, 2 Tracking Data Miners
AdAware VX2 - clean
CCCleaner run
Spybot - Immunized and updated, then found Hotbar (2 out of 4 removed), the DSO Exploit (didn't download exploit fix), Gain.Gator (2) and Connect MFC Application (1) - all removed except the 2 Hotbar.
Ran CWShredder and fix, Kill2me without finding anything.

Rebooted into normal mode and ran Spybot again and found:
Avenue A (1) Hotbar (2) SexList (1) VX2/f (1)...was able to fix/remove all but the 2 Hotbars
Ran AdAware and found 1 AltnetBDE and 1 Tracking DM
Ran the Symantec Trojan.Vundo removal tool again and it didn't find anything
Ran Spybot again and found ATLEvents (4), MediaPlex (1) and Hotbar (2)...still can't remove the Hotbar events.

Anyother suggestions? I have saved my HJT log but have not attached...will await your suggestions...thank you in advance

 

Okay...so just in case you wonderful volunteers have any time to check...here is my HJT log. My system is running much more smoothly, ie-faster, but there are still many processes running and resources being used that look suspicious.

Thanks in advance!

 

Hi Ayla,

Looks like you just have a few remnants. Run HijackThis and Check the Boxes for the following:

O1 - Hosts: com

O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\KATYFI~1\LOCALS~1\Temp\gepjsab.dat

O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\KATYFI~1\LOCALS~1\Temp\gepjsab.dat

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [*tapifont] C:\WINNT\security\tapifont.exe

O4 - HKLM\..\Run: [*infourl] C:\WINNT\security\templates\infourl.exe

O4 - HKLM\..\Run: [*faxinfo] C:\WINNT\Web\printers\faxinfo.exe

O4 - HKLM\..\Run: [*msvcdoc] C:\WINNT\Web\msvcdoc.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: Contains -

O16 - DPF: DownloadInformation -

O16 - DPF: InstalledVersion -

Make sure All Browser Windows are Closed when you Click FIX.

Now, boot to Safe Mode and use Windows Explorer to find and Delete any remnants of these - Note that you should enable the viewing of hidden files:

msvcdoc
faxinfo
infourl
tapifont
gepjsab
basjpeg
tnofipat
ofnixaf
codcvsm
lruofni

Then boot Normal and attach a fresh HJT Log & we'll take a look

Good hunting,

PP

 

Thanks Phillie! You guys are the best...I really appreciate all the time you put in helping those of us who are "floundering"

Attached is my new HJT log...I found one remnant file...codcvsm.tmp...and deleted it.

My system seems to be running much quicker now, but SPybot still keeps finding those 2 Hotbar events that it can't delete and they show up in the Registry Key...any ideas or "if it ain't broke, don't fix it?"

Also - I ran similar preventive measures on my laptop at home and also ran the about:Buster and HSRemove. I removed MSVM and installed Java and now I can't access the internet on my laptop...any suggestions? I haven't done that on my PC because I didn't want to lose internet connectivity.

Thanks again.
Ayla

 

Hi Ayla,

Your HJT log looks good Looks like you got everything.

Hotbar is something that can be removed via Add or Remove Programs.

Hotbar Removal Instructions and Help

I do not know why your laptop lost connectivity - I would imagine there could be a number of different reasons for this. You might try posting a topic in the Software Forum for that? Sorry I'm not more help in that regard!

PP