Malicious URL/Trojan Imposter Repelled Alerts

Alright, first an overview of the problems, the things I've tried, and my laptop…

It's a Gateway, been through the wringer a bit… pretty dinged up. 1.60 GHz, 896 MB of RAM, running Windows XP Media Center Edition Version 2002 Service Pack 2. I don't currently have any notable programs, having uninstalled everything trying to get rid of this… Well, I didn't get rid of BitTorrent yet, I don't think… But I haven't run it in months, since long before the problems started.

I have tried a system restore, I've scanned (IDK how many times now…) with Avast, Malwarebytes, Spybot S&D, CCleaner, and Housecall… I've recently cleaned and defragged my computer (recently as in two days ago). And everything keeps coming up clean, or I fix minor issues I expected to have (like a PUP from a site I know, or emptying the cache). But still I'm seeing issues…

My computer has a hard time starting up or shutting down; usually it's slow and sometimes it freezes midway. I have a hard time shutting down my internet connection (sometimes it won't listen to me at all). My internet browsers (IE and Firefox both) sometimes won't start up (freezing midway; I have to end the processes or I get a flood of half-open browsers trying to get online). Occasionally explorer.exe dies outright, usually when I'm in a folder with images or video (this started happening quite a while ago, it may or may not be related). I frequently get "Trojan Imposter Repelled" and "Malicious URL Repelled" alerts from Avast, as well as "Virus Protection" or "You've won this!" popups, usually the same or similar ones. Also, I have googled the IP address in the first URL blocked warnings (199.80.55.80; while scanning for this I got another with 199.80.55.19), and any site with it I am redirected from on the infected computer. I checked the sites via another computer, but with everything in them I can't be absolutely sure it's the same problem, though I believe it is or at least it's a similar one.

I have and will post here screenshots of two of the Avast warnings, as well as one of the virus popups, and fresh scan logs from Avast, Spybot S&D, Malwarebytes, Housecall, and HijackThis. I have used HijackThis on recommendation from these forums before, and I know not to do anything in it without assistance, but often a log from it is requested, so I figured I'd provide one right away since I have the program.

Any help is appreciated. I have used these forums once before to save a previous laptop from the grave; I hope to do the same this time.

[{(Images)}]
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/avast1.jpg
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/avast2.jpg
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/avast3.jpg
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/viruspopup1.jpg
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/avastlog.jpg
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/spybotsdlog.jpg
http://i188.photobucket.com/albums/z12/Raziel_Shadowchild/Virus%20Shit/housecalllog.jpg
[{(END)}]

You did not update Malwarebytes before you scanned, so you have used a very old database: 4449; the latest is 4985. Malwarebytes is releasing several updates a day…

So update Malwarebytes, scan again and post the new log.

In addition to what Pondus posted about updating and running MBAM again and posting your log, check the information in the first post of this thread under Virus/Worms for how to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTL logs. Post the two (2) OTL logs as attachments (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). Thank you.

After you fix the problem then please read:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

You will need to update to SP3 as it has many Critical Updates and system performance improvements.

Thank you for your help so far, I will get on these right away.

Also, Swarnava Sengupta (a Junior Member) sent me a PM saying the following:
“please reply me back…i will tell you the solution”
I cannot reply back to him, being relatively a newb on here. Few posts and whatnot.

You need 20 posts before you can reply to PMs.

Update MBAM and do a new scan and see if that may fix it… and post the log.

OBS: SpyBot is no good; I would absolutely replace it with SUPERAntiSpyware http://filehippo.com/download_superantispyware/

Even if you could reply or use the PM function I would advise against it.

Why? You don't know who they are or their experience level, and this goes for anyone sending you a PM to offer the same. Helping outside of the forum only helps one person, when the answer could help many others who might read this in the future or be following it now.

I can’t see why they can’t simply post the supposed solution in the topic/forum.

Solutions not posted on the forum don’t have the benefit of others seeing what that solution might be and offer comments on said solution, especially if there are flaws in it.

This isn’t to say the solution that might be offered by PM isn’t going to be right, it just doesn’t have any scrutiny and doesn’t help others. This is why support via PM isn’t advised and one of the reasons why I have the “No support PMs thanks” in my profile info as it only helps one person.

Registry Defender is a rogue security program so if you have installed it, then you need to remove it.

Registry Defender Platinum is a rogue registry cleaning program that is advertised via malware such as the Vundo Trojan. When infected with Vundo, pop-ups will be displayed that state your Windows Registry is corrupted and that you should download and install Registry Defender Platinum. If you decide to download and install the program it will be configured to start automatically when your computer turns on. When running, the program will perform a scan and state that you have numerous Windows Registry problems. It will not, though, allow you to fix these problems until you purchase the program. Even if the program was actually describing legitimate problems, we would never know. This is because it does not explicitly state what the problems are. Instead it just states you have a problem and asks you to spend money to fix it. Legitimate programs in this category, on the other hand, would provide specific details as to each problem that has been detected.

http://www.bleepingcomputer.com/virus-removal/registry-defender-removal

I'm running MBAM right now, and I had actually just realized I should replace it with SAS… I went through my old Avast forum posts and found it listed in there and I facepalmed that second… I got Spybot because I recognized it and I didn't know what else to run. I also plan to get Webroot Desktop Firewall again… Alright, for the hell of it… An updated list from various sources for what I plan to use for protecting and optimizing my computer.

The first six were recommended here.
Avast! Antivirus (of course :P)
SUPERAntiSpyware
Malwarebytes Anti-Malware
Webroot Desktop Firewall
HijackThis!
OTL
CCleaner (recommended to me actually by a ‘mafia’ dedicated to IMVU, mainly for the purpose of cleaning out your records before trying one of their cheat methods or the surveys for free credits)
Housecall (recommended to me by my father, who has used it repeatedly and has a degree in networking)

Also, in regards to the PM, I had planned to tell them to post in here in my reply, only to find out that I couldn't reply. A friend of mine actually followed PM 'computer repair' advice once and it was just the opposite, and I have been using forums avidly for over a decade, knowing full well the idiots and asses that sometimes abuse the PM feature on some. So for something this important, I'm not about to trust a PM convo. I was just hoping they were tracking this and would reply here since I couldn't reply via PM, or perhaps someone recognized them and could offer insight into their motives.

And as far as I can tell I have not installed Registry Defender. The only protection programs I have installed right now are as follows.

Avast! Antivirus
Malwarebytes Anti-Malware
Spybot S&D
CCleaner
HijackThis!
And I have used Housecall three times in the past few days.
I also have BitTorrent and Gamebooster on my computer, but aside from that anything else on here SHOULD be factory… I've been uninstalling everything I usually use to increase the speed of scans and to narrow the search.

For the record, I'll also be scanning thoroughly my portable drives and flash drives after this is fixed, but until I have it fixed I'm not connecting them again.

Alright, attached are logs from MBAM (fully updated) and OTL.

Also, 2 things… Firstly, I don’t think svchost.exe is supposed to take up 50% of my CPU ever… And secondly, I can’t access Avast forums from my computer anymore so updates will come more sporadically since I have to get to the public library simply to check it…

NOTE: I was able to get the site to work again using the 'Last Known Good Configuration' in the boot menu (where it has safe mode and shit too), so these logs might need to be redone again…

> And secondly, I can't access Avast forums from my computer anymore

Forum Down http://forum.avast.com/index.php?topic=65645.0

> Webroot Desktop Firewall

My favourite is Outpost Free; almost fully automatic, and that is why I like it http://free.agnitum.com/

> And as far as I can tell I have not installed Registry Defender.

It is just that one of your images (viruspopup1) has Registry Defender displayed on it; it would normally first start as a drive-by download, trying to get you to download and install, etc.

So it was more precautionary, but may be worth looking through the info on the link for any associated issues/files, etc…

My first recommendation would be to update to IE8 as soon as possible, as IE6 has more holes than a sieve ;D
Once this run is complete, can you let me know what your current problems are?

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-3942227701-1679884542-3315011257-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2804caed-1d99-4a3d-833c-c552f986b75c} - No CLSID value found.
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3942227701-1679884542-3315011257-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3942227701-1679884542-3315011257-1006\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-3942227701-1679884542-3315011257-1006\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-3942227701-1679884542-3315011257-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
[2010/06/12 23:50:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
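As an added triage example (not part of the thread, and not a feature of OTL or HijackThis): a small Python parser for report lines in the format used in the fix script above. It separates entries whose registry key no longer resolves to anything ("No CLSID value found", "Reg Error") from entries still backed by a DLL on disk, so a reviewer can see at a glance which lines are dead leftovers and which need a look at path and publisher. The sample lines are copied from the fix script quoted in the thread; the classification rule itself is this example's assumption.

```python
"""Triage helper for OTL/HijackThis-style report lines (added example).

Parses O2 (browser helper object), O3 (toolbar), O16 (ActiveX/DPF) and
URLSearchHook lines and labels each one:
  orphaned     - the registry still references a CLSID or file that no
                 longer resolves; these are the leftovers a registry
                 cleanup removes
  file-backed  - a DLL on disk is still loaded; review path and publisher
  other        - anything the two rules above do not cover
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the fix script quoted in the thread.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-3942227701-1679884542-3315011257-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
"""

LINE_RE = re.compile(
    r"^(?P<kind>\w+) - (?P<where>.+?): "   # O2 / O3 / O16 / IE and the hive or section
    r"(?:\((?P<name>.*?)\) - )?"          # optional display name, e.g. (no name)
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"    # the CLSID in braces
    r"\s*-?\s*(?P<rest>.*)$"              # whatever the entry resolves to
)
# A drive-letter path, optionally followed by the publisher in parentheses.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^(]*?)\s*(?:\((?P<publisher>.*)\))?$")
# Markers OTL prints when a registry reference does not resolve (assumed rule).
ORPHAN_MARKERS = ("No CLSID value found", "Reg Error", "File not found")


@dataclass
class Entry:
    kind: str
    where: str
    name: Optional[str]
    clsid: str
    status: str                      # "orphaned", "file-backed" or "other"
    path: Optional[str] = None
    publisher: Optional[str] = None
    detail: str = ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    status, path, publisher = "other", None, None
    if any(marker in rest for marker in ORPHAN_MARKERS):
        status = "orphaned"
    else:
        pm = PATH_RE.match(rest)
        if pm:
            status, path, publisher = "file-backed", pm.group("path"), pm.group("publisher")
    return Entry(m.group("kind"), m.group("where"), m.group("name"),
                 m.group("clsid"), status, path, publisher, rest)


def parse_otl(text: str) -> List[Entry]:
    """Parse every recognised line of a report excerpt, skipping the rest."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entries.append(entry)
    return entries


def orphaned_clsids(entries: List[Entry]) -> List[str]:
    """CLSIDs whose registry entries no longer resolve (cleanup candidates)."""
    return [e.clsid for e in entries if e.status == "orphaned"]


def file_backed(entries: List[Entry]) -> List[Entry]:
    """Entries that still load a real DLL; these need a human look."""
    return [e for e in entries if e.status == "file-backed"]


if __name__ == "__main__":
    for e in parse_otl(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.status:<12} {e.clsid} {e.path or e.detail}")
```

Run it as-is to see the sample classified; to use it on a real report, pass the file contents to `parse_otl`. The "orphaned" label only says the registry points at nothing; it does not say what put the entry there, so the file-backed list is the one worth reading carefully.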

Here it is. As for updating IE… well, I never use it >.< I used Firefox up until it bugged so bad it wouldn't open (I think it was the virus, not sure though). I plan to get it back when this is all taken care of. Though which would you recommend? IE8 or Firefox?

Unfortunately it is a common misconception that if you do not use IE you do not need to update it. IE is integral to Windows and has hooks/shared files with other system elements. So you definitely need IE8 even if you do not use it… My personal preference is for IE, but the choice is yours ;D

I would like to run ComboFix now, as a few of the BHOs have not gone.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Here it is.

Should I be worried if something in it said it failed to initialize right before it rebooted my computer?

Also, should I put on IE8 right away or wait till I'm done running fixes here?

OK, that now looks good. I would get IE8 and SP3 asap to block any security holes… Are you experiencing any problems?

Not at the moment, I will come back though if I do. Thank you for your help. I am going to update and get rid of Spybot tonight, as well as get either Webroot or Outpost (any other recommendations on which?) tonight, and keep a watch on things to see if problems persist.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel > Add/Remove along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set back to not showing, as some of the tools I use will change that.

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:

[*]Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 22.
[*]Click the “Download” button to the right.
[*]Select your Platform and check the box that says: “I agree to the Java SE Runtime Environment 6 License Agreement.”.
[*]Click on Continue.
[*]Click on the link to download Windows Offline Installation (jre-6u22-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager…
[*]Close any programs you may have running - especially your web browser.
[*]Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the Remove or Change/Remove button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u22-windows-i586-p.exe and select "Run as an Administrator.")

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
Keep safe :wave:

Please read

Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Controlling the computer is possible without Windows Explorer running (for example, the File | Run command in Task Manager on NT-derived versions of Windows will function without it, as will commands typed in a command prompt window). It is sometimes referred to as the Windows Shell, explorer.exe, or simply “Explorer”.
http://en.wikipedia.org/wiki/Windows_Explorer