Virus and Worm issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by mtc3999, Aug 10, 2006.

  1. mtc3999

    mtc3999 Private E-2

    This is the first time I've had trouble completing your instructions.
    The first time I got through the instructions I got hung up at Spybot. Literally. The program froze and I had to reboot back into Safe Mode. The second time Spybot froze again, in the same place.
    Rebooted, ran BitDefender and was able to save the log; Panda ActiveScan ran successfully, but when it needed internet access at the end to save a copy of the log, the program froze.
    The third time I started the procedure from the top to try and get around the lockup, and it worked, but I still lose the internet connection in Safe Mode when trying to either complete scans or save reports.
    Below is what I was able to save for your perusal. Thanks in advance.
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have you tried to run the online scans in Safe Mode w/ Networking?

    Also, please rename your HJT to something like "analyze.exe" due to some of the newer infections.
     
  3. mtc3999

    mtc3999 Private E-2

    HJT renamed.
    Yes, when I booted into Safe Mode it was with networking, and I was able to complete BitDefender and Panda ActiveScan, but when I attempted to save the log, the Panda program tried to access the internet and I got a "page cannot be displayed" message. I tried closing and reopening the browser but to no avail.
    Only a reboot would reestablish the internet connection in Safe Mode, it seems.
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please attach a fresh HJT log.
     
  5. mtc3999

    mtc3999 Private E-2

    Here you go!
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    O16 - DPF: {68B632F6-FB2C-11D2-9AEA-DC27E1000000} - http://www.p2kthemovie.com/game/downloads/P2K4AD9.exe

    O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.



    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.



    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
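The fixes in this post follow three rules that are worth making explicit: an entry tagged "(file missing)" is an orphaned registry reference whose target no longer exists, an O16 DPF entry pointing at an .exe is an ActiveX download of an executable, and anything listed under O20 AppInit_DLLs is a DLL that Windows loads into every process that loads user32.dll. As an added example (my own code, not from the thread or from HijackThis), here is a small Python triage routine that applies those rules to HJT log lines. The sample log is constructed from the five entries quoted above plus two benign lines invented for contrast (null GUID, placeholder paths); the rule names and the `triage` function are my own.

```python
import re

# Constructed sample log: the five entries quoted in this post, plus two
# benign lines invented for contrast (null GUID, placeholder paths; they are
# not from the original log).
SAMPLE_LOG = r"""
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {68B632F6-FB2C-11D2-9AEA-DC27E1000000} - http://www.p2kthemovie.com/game/downloads/P2K4AD9.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\examplesvc.exe
"""

# HijackThis entries start with a section code (O2, O9, O16, ...) followed
# by " - " and the entry body.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def triage(log_text):
    """Return [(entry_line, [reason, ...]), ...] for entries worth fixing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines, non-entry text
        section, body = m.groups()
        reasons = []

        # Rule 1: HJT marks entries whose target file does not exist.
        if body.endswith("(file missing)"):
            reasons.append("orphaned entry: referenced file is missing")

        # Rule 2: O16 DPF = Downloaded Program Files (ActiveX); an .exe
        # download URL is a plain executable drop, not a legitimate control.
        if section == "O16" and re.search(r"https?://\S+\.exe$", body, re.I):
            reasons.append("ActiveX (DPF) entry that downloads an executable")

        # Rule 3: any DLL in AppInit_DLLs is injected into every process
        # that loads user32.dll, so a non-empty value needs justification.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                reasons.append("AppInit_DLLs: DLL is loaded into every "
                               "process that loads user32.dll")

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry)
        for r in reasons:
            print("    ->", r)
```

The two invented benign lines (the null-GUID O9 button and the O23 service) pass through untouched, which is the point: the rules key on the "(file missing)" tag, the download type and the AppInit_DLLs value, not on the entry type alone.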
     
  7. mtc3999

    mtc3999 Private E-2

    Will do. Please note the 'comcast' extra buttons refer to the help programs setup by my cable internet service provider. Do I still need to delete them?
    The rest of the instructions I will follow and get back with you.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, they need to be removed, note the (file missing) at the end.
     
  9. mtc3999

    mtc3999 Private E-2

    OK, per your instructions I removed the HJT items you listed.
    Ran CCleaner, twice.
    Attempted to run Ad-Aware SE; it began, then locked up, then the whole computer rebooted.
    OK, well, let's try Spybot. Spybot got to the C's in its definition search and seized up, and I had to manually shut down and restart because the keyboard and mouse were inoperative.
    Rebooted and ran another scan in HJT and it's posted here... thanks.
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks good; if you're not having any further problems I wouldn't worry about Ad-Aware or Spybot.

    How are things running?
     
  11. mtc3999

    mtc3999 Private E-2

    Well as far as the internet goes so far so good.
    It hasn't locked up on a me and I've had the browser open for more than an hour.

    How would I fix Ad-Aware and Spybot?
    Uninstall and reinstall?
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You can try this, but it's not necessary.

    Where exactly does it freeze up at?
     
  13. mtc3999

    mtc3999 Private E-2

    Presently Ad-Aware, Spybot and the McAfee virus scanner cannot complete their scans or deletions without locking up (in Safe Mode or normal mode).
    I tried it again this morning but it won't work. I have to physically shut down and reboot to get mouse and keyboard functions back.
     
  14. mtc3999

    mtc3999 Private E-2

    I think I found out the problem.
    Windows Update was behind by a critical update. Once that was fixed I was able to complete all scans. I am including a new HJT log, bdscan and ActiveScan for your review, just to make sure all looks okay.
    Thanks a million!
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download ADS Spy, save to your desktop.

    Once you have downloaded this utility, extract the contents and double click "ADSSpy.exe" to run the utility. Once the utility has loaded, make sure the first 2 boxes are checked. Now click "Scan the system for alternate data streams" and remove any that are found.

    Once you're done with this, run one more Panda scan.
     
  16. mtc3999

    mtc3999 Private E-2

    Done, report posted.
    FYI, the 2nd drive (F:) is NTFS.
    The root drive (C:) is FAT.
     

    Attached Files:

  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, disable System Restore!
    Disable and Re-enable System Restore


    Next, run CCleaner to clean up cookies and temp files.

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.


    Once you complete the above, reboot to Safe Mode and delete the following directories.

    C:\Recycled <-- Delete everything in this folder!

    C:\!KillBox <-- Delete this whole folder!

    C:\WINDOWS\bundles <-- Delete this whole folder!

    C:\WINDOWS\?icrosoft.NET <-- Delete this whole folder!

    C:\WINDOWS\System32\tsqrihvt <-- Delete this whole folder!

    C:\WINDOWS\System32\fuwnlear <-- Delete this whole folder!

    Once you complete the above, reboot back into normal mode and get me a fresh Panda scan.
     
  18. mtc3999

    mtc3999 Private E-2

    Here it is.
     

    Attached Files:

  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Reboot to Safe Mode and run CCleaner first to cleanup all of the cookies. Then navigate to the following directory and delete it!

    C:\WINDOWS\?icrosoft.NET <-- Delete this folder; the "?" represents an unprintable character, so it probably will be located toward the bottom. Manually locate this folder and delete it!

    C:\Documents and Settings\MTC\Application Data\tvmdmns.dll <-- Locate this file and delete it!
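The "?icrosoft.NET" folder in this and the previous post is a name that imitates a real Windows directory by swapping one character for an unprintable one, so it blends into a listing and is awkward to type at a prompt. As an added example (my own code, not from the thread or from any tool mentioned in it), here is a Python check that scans a directory listing for names containing non-printable or non-ASCII characters and for names that closely resemble a known-good name without being it. The listing is constructed for the example (it includes a control-character variant and a Cyrillic-letter variant of Microsoft.NET); `KNOWN_GOOD` is an illustrative subset, not a complete inventory of Windows folders, and the similarity threshold is my own choice.

```python
from difflib import SequenceMatcher

# Illustrative subset of names one expects under C:\WINDOWS; not a complete
# or authoritative list. Extend it with the real listing of a clean machine.
KNOWN_GOOD = ["Microsoft.NET", "system32", "Installer", "Fonts"]

# Constructed listing, as if returned by os.listdir(r"C:\WINDOWS"):
# a genuine Microsoft.NET, a copy whose "M" is the control character \x01
# (what Explorer would render as "?icrosoft.NET"), a copy whose "M" is the
# Cyrillic letter U+041C, and some unremarkable names.
SAMPLE_LISTING = [
    "Microsoft.NET",
    "\x01icrosoft.NET",
    "\u041cicrosoft.NET",
    "system32",
    "bundles",
    "Fonts",
]

SIMILARITY_THRESHOLD = 0.85  # assumed; one-character changes score ~0.92


def suspicious_names(names, known_good=KNOWN_GOOD):
    """Return [(name, printable_repr, [reason, ...]), ...] for odd entries.

    A name is reported when it contains characters that do not print, when
    it contains non-ASCII characters (a look-alike from another script), or
    when it is nearly but not exactly a known-good name.
    """
    findings = []
    for name in names:
        reasons = []
        if any(not ch.isprintable() for ch in name):
            reasons.append("contains non-printable character(s)")
        if any(ord(ch) > 127 for ch in name):
            reasons.append("contains non-ASCII character(s)")
        for good in known_good:
            if name.lower() == good.lower():
                continue  # the genuine entry (case-insensitive on Windows)
            ratio = SequenceMatcher(None, name.lower(), good.lower()).ratio()
            if ratio >= SIMILARITY_THRESHOLD:
                reasons.append(f"looks like {good!r} ({ratio:.2f} similar)")
        if reasons:
            # ascii() escapes the odd characters so the report is unambiguous.
            findings.append((name, ascii(name), reasons))
    return findings


if __name__ == "__main__":
    for _, shown, reasons in suspicious_names(SAMPLE_LISTING):
        print(shown)
        for r in reasons:
            print("    ->", r)
```

Reporting `ascii(name)` matters in practice: once you know the exact code point, the folder can be removed by its escaped name (or by its 8.3 short name) instead of hunting for it at the bottom of an Explorer listing.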
     
