USB drive suspect

Discussion in 'Malware Help (A Specialist Will Reply)' started by NGC7088, Apr 22, 2009.

  1. NGC7088

    NGC7088 Private E-2

    Hello,

    I just had a case of a "windows explorer" error with "setting personalized settings c:\recycler....etc.

    I followed the Read and run me and it worked and I want to thank the guys involved for such a wonderful guide.

    However this was the second instance of this problem for me. Last week when it happened first I thought I had fixed it with a system restore. This time the system restore never completed (using the same point as the week before) and after many tries that's how I ended up here.

    Now, it had worked fine for a week and I think the problem repeated when I used the USB drive. I use it on Mondays, and both attacks occurred the day after, on Tuesdays. So I very much suspect the USB drive is infected.

    Since my normal AVG 8.5, SUPERAntiSpyware, Spybot S&D and Ad-Aware were unable to clean the computer (I had to use the stuff in the README), I find I need to ask how to clean the USB drive. I don't trust inserting it right now, and I will need it Monday. The Read and Run Me stuff does not seem to lend itself to USB drives at first sight. How can this powerful stuff be made to direct its attention to the USB drive?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You should have attached your logs. These infections spread via USB or any other removable media and will infect every PC that the removable devices are plugged into. Odds are your removable devices, hard disk drives and all PCs you have plugged the removable devices into are now infected.

    I suggest that you follow the instructions here: Disabling AutoRuns

    Also I suggest that you attach the 4 logs from running the READ & RUN ME.
     
  3. NGC7088

    NGC7088 Private E-2

    I thank you very much for your response. I did not post my progress on this regard due to the rule of "not bumping".

    The story is we hired this PhD guy as a consultant for some business problem. He is a university professor (a very unsanitary environment as far as computers are concerned) and in distributing copies of his report (by each of us plugging our USB drives into his laptop) he involuntarily infected a bunch of us at the office. By reading your wonderful guide I was able to clean not only my PC but the others too (including the boss's) and I'm now some kind of hero! (and most assuredly a major major geek around here too!). No promotions yet though... (there is a crisis after all) but I hope they'll remember me forever as the geek who solved the infection the IT guy could not, all thanks to you guys.

    Anyway, I did go on to read about disabling autoruns (I had to tackle the problem, as I could not count on free help before my deadline) and noticed that therein lay any possible solution to the USB problem. Then it became apparent that the new version of Spybot, as well as Malwarebytes and SUPERAntiSpyware (and I hope that is enough), all include options for scanning other drives. In my particular case (I did not dare to intrude on other people's choices of software) I also changed from ZoneAlarm and AVG to Comodo's internet suite and it also offered to scan other drives. So that's the extent of the scans I did on the USB drives; it was Malwarebytes that found the "recycler" in all of them anyway. Wonderful database those guys have!

    Forgive me for not posting the logs. If I (we) run into more trouble I will. But I've seen others' logs posted and it is IMHO quite a desperate breach of privacy. So when the situation becomes desperate enough to throw privacy down the well, then I'll have no other choice. For now I think Malwarebytes ultimately was the one which dealt nicely with the infection at hand, and though there may be other infections around this group, I solved the one (with your invaluable help) that was evidently hindering us around here (so far).

    Having said that, the stuff that was most impressively powerful during the PC cleanups was ComboFix and MGtools. I don't really know what they did (I did not study the logs in depth) but in my PC's case (which is about 5 years old; it was ahead of its time back then, it's just falling behind now) it's running as smoothly as a baby's butt now.

    If it's worth anything to your angelic minds, I still wish to ask if there's any way to direct these beasts' (ComboFix and MGtools) attention to a USB drive.
    Thank you immensely for any further help.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ComboFix already looks at other drives and the odds are high that there still could be issues in your registry. Look in the ComboFix log for mountpoint entries. Some of these could contain entries from the infections. You really should consider attaching your logs for one PC. There could be more to do. Better safe than sorry.

    MGtools does not need to look at other drives because it is focused more on the Windows Registry hives and also on the file system of the Windows boot drive. It is not truly a malware scanner. It is primarily an information collector. However, in the process of running, MGtools does attempt to reset certain registry keys back to default values that malware can often change. And MGtools will also delete a few misc malware files from the Windows folder if found, but that is not its primary objective.
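The two things chaslang points at above, the AutoRun mechanism that lets a USB stick infect every PC it is plugged into, and the registry residue that a scanner of the stick alone will not touch, can both be checked by hand. The script below is an added example written for this page; it is not code from the thread, from MGtools or from ComboFix. It parses an autorun.inf the way Windows reads it (case-insensitive [autorun] section, execute verbs open, shellexecute and shell\*\command), flags the tell-tale worm pattern of every verb pointing into RECYCLER with a stock folder icon and a spoofed "Open folder to view files" action, and evaluates the NoDriveTypeAutoRun policy bitmask that the "Disabling AutoRuns" guide sets. The autorun.inf text is constructed for the example, and the SID-style directory name and file name inside it are placeholders, not indicators from the poster's machines.

```python
import re

# Constructed sample autorun.inf in the style of the USB worms discussed in the
# thread: every execute verb points at an executable under RECYCLER, the icon
# is the stock folder icon and the action text mimics the default AutoPlay
# entry, so the drive looks like a plain folder in the AutoPlay dialog.
# The SID-like directory name and the file name are placeholders, not real IOCs.
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=RECYCLER\S-1-5-21-0-0-0-1000\sample.exe
shell\open\Command=RECYCLER\S-1-5-21-0-0-0-1000\sample.exe
shell\explore\Command=RECYCLER\S-1-5-21-0-0-0-1000\sample.exe
shellexecute=RECYCLER\S-1-5-21-0-0-0-1000\sample.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
"""

# Keys that make Windows run something when the drive is opened or AutoPlayed.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Folders worms hide payloads in because Explorer hides them by default.
HIDEOUT = re.compile(r"(^|\\)(recycler|recycled|system volume information)(\\|$)", re.I)


def parse_autorun_inf(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Hand-rolled rather than configparser: real autorun.inf files contain
    '%' and backslashes that trip interpolation, may repeat keys (Windows
    uses the first one), and section and key names are case-insensitive."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def suspicious_entries(entries):
    """Flag directives that execute code or disguise the drive.

    Returns a list of (key, value, reason). A data-only USB stick has no
    legitimate reason to carry any execute verb, so those are always flagged,
    with a stronger reason when they point into a hidden system folder."""
    findings = []
    for key, value in entries.items():
        if EXEC_KEY.match(key):
            reason = "auto-execute directive"
            if HIDEOUT.search(value):
                reason += " pointing into a recycle-bin/system folder"
            findings.append((key, value, reason))
        elif key == "icon" and "shell32.dll" in value.lower():
            findings.append((key, value, "stock shell32 icon, mimics a plain folder"))
        elif key == "action" and "open folder" in value.lower():
            findings.append((key, value, "action text mimics the default AutoPlay entry"))
    return findings


# NoDriveTypeAutoRun (REG_DWORD under HKLM or HKCU
# \Software\Microsoft\Windows\CurrentVersion\Policies\Explorer) is a bitmask:
# each set bit disables AutoRun for that drive type; 0xFF disables all of them.
DRIVE_TYPE_BITS = {
    "unknown": 0x01, "removable": 0x04, "fixed": 0x08, "remote": 0x10,
    "cdrom": 0x20, "ramdisk": 0x40, "unknown_type": 0x80,
}


def removable_autorun_blocked(policy_value):
    """True when the DRIVE_REMOVABLE bit (0x04) is set in NoDriveTypeAutoRun."""
    return bool(policy_value & DRIVE_TYPE_BITS["removable"])


def autorun_still_enabled_for(policy_value):
    """Drive types AutoRun still fires on under this policy value, sorted."""
    return sorted(name for name, bit in DRIVE_TYPE_BITS.items() if not policy_value & bit)


if __name__ == "__main__":
    for key, value, reason in suspicious_entries(parse_autorun_inf(SAMPLE_AUTORUN_INF)):
        print(f"{key:<22} {reason}: {value}")
    for val in (0x91, 0xFF):
        print(f"NoDriveTypeAutoRun=0x{val:02X}: removable blocked="
              f"{removable_autorun_blocked(val)}, still on={autorun_still_enabled_for(val)}")
```

To use it on a real stick, copy autorun.inf off the drive from a command prompt (`dir /a` shows the hidden files) rather than by double-clicking the drive in Explorer, which is exactly the AutoRun path the worm relies on, and feed the text to parse_autorun_inf. Two caveats a practitioner will want: on Windows XP the NoDriveTypeAutoRun value was not fully honored until Microsoft's later AutoRun update, and the reliable workaround before that was the IniFileMapping entry that maps Autorun.inf to a nonexistent registry key; and the verbs Windows has already parsed from an infected stick are cached per drive under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, which is the "mountpoint entries" section of the ComboFix log that chaslang asks to see. Cleaning the stick does not remove that cache.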
     
  5. NGC7088

    NGC7088 Private E-2

    Ok. Here are the logs from yesterday from the one computer which had the most garbage in it. It's the secretary's computer. We have to stop plugging into her indiscriminately!
    I don't know how to express my gratitude for such incredible interest in helping.

    As for the USB drive, I understand from your post that if it was inserted during the scan, it would have been scanned, that's all?

    Thank you again very very much.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Is the below TraductorGlobal Toolbar something you have knowingly installed?
    You need to do the below.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    You also need to stop using MSconfig to control startups, as requested in step 1 of the READ & RUN ME. You also have malware trapped in there and we can fix it after you put the PC in normal boot mode, then reboot, and then attach a new log from MGtools.
     
  7. NGC7088

    NGC7088 Private E-2

    "traductorglobal" - Nobody remembers, nobody is using it, proceeded to uninstall. No problems reported in the process.

    The registry merge was successful.

    -msconfig- Set to normal. (I missed this step in more than one computer, gonna have to check them all again).
    Now it's gone from super fast to super slow.

    New log attached.
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume you mean that startup is slow. Or do you mean all operations? One problem you have is that you have half the amount of RAM that I recommend for current Windows XP SP3. Your logs show
    I recommend at least 1 GB of memory.

    As stated in the READ & RUN ME, MSconfig is not the proper way to deal with unwanted start ups. We gave you this link: Dealing with Startup Process which explains better methods. I will give you some tips below that are not malware issues. These are just unnecessary.

    Are the below Crawler items things you installed and need? If not, then uninstall them.
    Crawler Desktop Notes
    Crawler Slideshow Screensaver
    Crawler Toolbar

    Do you really need and use all of the below toolbars? I wouldn't recommend this as it is quite excessive and wastes memory and slows down your browser. And you have multiple popup blockers due to Google, Yahoo, and Windows Live Toolbar which is a waste. Uninstall any that you don't need.
    Google Toolbar for Internet Explorer
    Smart Menus (Windows Live Toolbar)
    Windows Live Toolbar
    Yahoo! Toolbar

    Do you use any of the below? If not, uninstall them especially Yahoo Browser Services
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger


    Also uninstall Ask Toolbar
    Also uninstall Spybot - Search & Destroy 1.5.2.20 which is the old version
     
    Last edited: May 7, 2009
  9. NGC7088

    NGC7088 Private E-2

    Ok, thank you.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. After completing what was in my last message, here are some more things for you to do; a few are necessary cleanups and the rest are tips to help improve performance.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O8 - Extra context menu item: &Search - ?p=ZKman000

    After clicking the Fix checked button, now click the Scan button to rescan. Now go through the below list of startups that are classified as unnecessary startups and optionally fix any that you agree you don't need to run at startup. These are memory wasters and dramatically slow down startup and overall performance.

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [CrawlerNotes] c:\progra~1\crawler\notes\cnotes.exe /notes
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    After selecting the items you do not need, click the Fix check button again and then exit HJT.

    Now run Ccleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  11. NGC7088

    NGC7088 Private E-2

    Oops! I jumped the gun here. I thought we had finished and uninstalled MGtools and ComboFix and had done the restore flushing thing.

    So I downloaded MGtools again and did the above. Some stuff was not there anymore as it must have gone with the uninstalling done on the previous instructions.

    The requested log is attached.

    Things are running well enough. The startup improved after the previous. Still takes over 3 minutes. Other than that it runs well, except when running more than one thing at a time. That only happens when scanners are scanning or when updates are downloading, so I suppose it's as good as it gets for this one.
    Cannot thank you enough!
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Well now you have another 67 MB of memory available anyway. ;) You will still be better served by at least doubling your RAM.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     