Some virus problems

[Malware Removal Specialist]

You need to let MBAM fix those.


Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

- O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
- O9 - Extra \'Tools\' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Please run TDSSKiller per the below steps:

* Go to TDSSKiller and Download TDSSKiller.zip to your Desktop
* Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any sub-folder of the Desktop.
* Click Start > Run and copy/paste the following Red text into Run box and hit Enter on your keyboard.

"%userprofile%\Desktop\TDSSKiller.exe" -v
 
* Follow the instructions to type in "delete" when it asks you what to do when if finds something.
* When done, a log file should be created on your C: drive called 'TDSSKiller.txt' please add this log to your next reply.

Done, TDSSkiller came up with nothing. and saved no logfile.

Update: I am now having trouble clicking things in my browser window, I can't open links or click buttons. I am only able to post this by going through history and finding the history link to me posting from before



Okay this is strange. sometimes I can't click links, highlite text, or click buttons like post/modify. but if I minimize then maximize I can then do the previously mentioned, however I can't switch tabs. I minimize and maxmize and its back to the first problem

[Malware Removal Specialist]

Try this.

Download Rooter.exe to your desktop.

* Double click Rooter.exe to start the tool.
* A DOS window will appear and show the scan progress.
* Once complete a notepad file containing the report will open.
* Copy & paste the results in your next reply.
* Close notepad and Rooter will close.

A log will also save at C:\Rooter.txt

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 1
[32_bits] - x86 Family 6 Model 7 Stepping 6, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 6.0.2800.1106
Mozilla Firefox 3.5.7 (en-US)
.
A:\  [Removable]
C:\  [Fixed-NTFS] .. ( Total:68 Go - Free:32 Go )
D:\  [CD_Rom]
E:\  [Fixed-NTFS] .. ( Total:139 Go - Free:114 Go )
F:\  [Fixed-NTFS] .. ( Total:229 Go - Free:222 Go )
.
Scan : 18:04.46
Path : C:\Documents and Settings\Mark\Desktop\Rooter.exe
User : Mark ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (968)
______ \??\C:\WINDOWS\system32\csrss.exe (1024)
______ \??\C:\WINDOWS\system32\winlogon.exe (1048)
______ C:\WINDOWS\system32\services.exe (1096)
______ C:\WINDOWS\system32\lsass.exe (1108)
______ C:\WINDOWS\system32\svchost.exe (1304)
______ C:\WINDOWS\system32\svchost.exe (1464)
______ C:\WINDOWS\System32\svchost.exe (1608)
______ C:\WINDOWS\System32\svchost.exe (1900)
______ C:\WINDOWS\System32\svchost.exe (1932)
______ C:\WINDOWS\system32\spoolsv.exe (220)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (312)
______ C:\WINDOWS\Explorer.EXE (576)
______ C:\WINDOWS\V0410Mon.exe (772)
______ C:\Program Files\Razer\Lachesis\razerhid.exe (784)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (792)
______ C:\WINDOWS\System32\devldr32.exe (828)
______ C:\WINDOWS\System32\alg.exe (876)
______ C:\Program Files\Java\jre6\bin\jqs.exe (948)
______ C:\WINDOWS\System32\svchost.exe (1112)
______ C:\Program Files\Razer\Lachesis\OSD.exe (1816)
______ C:\Program Files\Razer\Lachesis\razertra.exe (188)
______ C:\Program Files\Razer\Lachesis\razerofa.exe (404)
______ C:\WINDOWS\RTHDCPL.EXE (496)
______ C:\WINDOWS\SOUNDMAN.EXE (2184)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1908)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3852)
______ C:\Documents and Settings\Mark\Desktop\Rooter.exe (3068)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:74052163584)
\Device\Harddisk0\Partition0 (Start_Offset:74052195840 | Length:246018124800)
\Device\Harddisk0\Partition2 (Start_Offset:74052228096 | Length:246018092544)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:04.47
.
C:\Rooter$\Rooter_2.txt - (07/02/2010 | 18:04.47)

[Malware Removal Specialist]

It looks like Malwarebytes got everything.

Although you will want to run this next scan. Be sure you have time to let it finish as it can take up to 3 hours or more.

Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

Note: This Scanner is for Internet Explorer Only!

* Place a check mark next to I have read and accepted the license terms and then click Install
* Accept the warning to install the F-Secure Control in Internet Explorer.
* Click Start once the control is installed.
* Choose the Full Scan option and then click Start
* Once the download completes,the scan will begin automatically.
* The scan will take some time to finish so please be patient.
* When the scan completes, choose the Automatic cleaning (recommended) button then click Next and let the scanner finish cleaning.
* Click the Show Report button. (this will open an Internet Explorer window containing the report)
* Copy & Paste the entire report in your next reply.

canning Report
Sunday, February 7, 2010 20:12:08 - 20:36:25

Computer name: MARK-47805DC06C
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ E:\ F:\
3 malware found
TrackingCookie.2o7 (spyware)

    * System (Disinfected)

TrackingCookie.Atdmt (spyware)

    * System (Disinfected)

TrackingCookie.Doubleclick (spyware)

    * System (Disinfected)

Statistics
Scanned:

    * Files: 22294
    * System: 2718
    * Not scanned: 6

Actions:

    * Disinfected: 3
    * Renamed: 0
    * Deleted: 0
    * Not cleaned: 0
    * Submitted: 0

Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

[Malware Removal Specialist]

All that found was 3 cookies which are not a threat. Looks like you are clean.... again.

How is the computer running now?

It seems to be running alright, after the repair install i'm back on SP 1. I have tried to upgrade to SP2 but I get stuck at 'creating cabinets'. been there for about 40 min now.

Ignore that last post, problem taken care of.

Thank you so much for your help Evil.