Edit: I should mention I have XP MCE.
I caught a bit of a bug this weekend, either as a result of my dirty dirty little USB stick or from a media download.
Here is a little background:
Had sound trouble with YouTube and Media Player. After a reboot, I still had sound trouble. As a result, I ran Malwarebytes, but during updating it said it couldn't find the website. So, I went to isitdownforeverybodyorjustme and found out that it was just me.
So, I decided to run SuperAntiSpyware. Same thing on the update. None of the webpages would load.
I rebooted in safe mode and logged in as Administrator. In doing so, I found out that my Administrator couldn't get into my normal user's folder in Docs and Settings, even when I ran control userpasswords2 and changed my normal logon to a normal user.
At any rate, in safe mode, I was able to access the update and websites for malwarebytes, f-secure and superanti. I ran all three one after another.
Here is what Malware found:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xccinit (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npygw.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Thunderbird\plugins\npygw.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
Here is what SuperAnti found:
Adware.ClickSpring/Outer Info Network
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\SKS~1\LOGONUI.EXE
F-Secure came up with:
Hmf, apparently I didn't save that log...
I'll post HiJack if requested. I run a very very very modified set of services. I can't remember, but I think it was Blacksheep's website that I got the list of what to run and what not to run from.
Also, I lost some desktop icons, which means my INFO2 file is probably damaged, but no loss there.
I'm not sure if the system is cleaned or not and there is residual damage, or if I have something that Ajax won't even take off. All I know is, all three (F-Secure, Malware and Super anti) all say I'm clean, and I still can't access their websites except in safe mode with networking.
Thanks in advance for all your help!
Edited by dkkelso, 21 February 2009 - 10:27 PM.
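A quick follow-up check someone could run after the scans above. This is an added example, not part of the original post or of any of the scanners mentioned; it assumes PowerShell 2.0 or later is installed (it is an optional add-on on XP) and it re-reads the two registry locations named in the Malwarebytes log plus the hosts file, which is one common reason security-vendor sites fail to load while everything else works.

```powershell
# Added example: re-audit what the Malwarebytes log above flagged.
# Expected values are assumptions taken from the log's "Bad: (0) Good: (1)" note
# and from the Policies\Explorer\Run key normally being empty on a home PC.

function Test-ShowAllHiddenFiles {
    # CheckedValue = 0 here keeps "Show hidden files" from working in Explorer.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    $item = Get-ItemProperty -Path $key -Name CheckedValue -ErrorAction SilentlyContinue
    $value = if ($item) { $item.CheckedValue } else { $null }
    $status = if ($value -eq 1) { 'OK' } else { 'SUSPICIOUS (expected 1)' }
    New-Object PSObject -Property @{ Check = 'SHOWALL\CheckedValue'; Value = $value; Status = $status }
}

function Get-PolicyRunEntries {
    # Anything listed under Policies\Explorer\Run starts at logon; the log above
    # removed an entry named "xccinit" from the HKLM copy of this key.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -notlike 'PS*') {
                    New-Object PSObject -Property @{ Hive = $hive; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}

function Get-HostsFileOverrides {
    # Any active hosts line other than the standard localhost entry deserves a look,
    # especially ones naming antivirus or update domains.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' }
}

Test-ShowAllHiddenFiles | Format-Table Check, Value, Status -AutoSize
$run = @(Get-PolicyRunEntries)
if ($run.Count -eq 0) { 'No Policies\Explorer\Run entries found.' } else { $run | Format-Table Hive, Name, Command -AutoSize }
$overrides = @(Get-HostsFileOverrides)
if ($overrides.Count -eq 0) { 'No non-default hosts entries found.' } else { $overrides }
```

Run it from an elevated (Administrator) prompt in both normal and safe mode; a difference between the two results is itself useful information for whoever helps with the HijackThis log.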