Malicious software or Trojan

[okym]

I attached my sister-in-law's portable drive to my pc to transfer some files to my portable drive and all the files on her drive were shown as shortcucts.
When I attempted to open a shortcut,auto run flashed on the screen.
I cancelled it as fast as I could,however Malwarebytes Pro is now disabled including protection mode and my control panel has been disabled.
Running Malwarebytes in safemode detects a possible trojan horse (Trojan.Agent.Ck) as well as a number of malicious registry entries.
Avast now continually notifies me of two malicious URL's
//nnh42.name/a/
//jsh37.net/a/
One of the malicious registry entries contains the phrase "don't steal our software"
All attempts to rectify the problem have failed
My system is running Windows XP with Service pack 3.
I have attached theRogue killer logs.
Any help you can give me would be greatly appreciated

[Pondus]

One of the malicious registry entries contains the phrase "don't steal our software"

so, you have a key genrator for cracking malwarebytes license.....  noughty boy

[Pondus]

attach the following logs.    http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes.   and malwarebytes should be run from normal mode unless it has a problem
OTL
aswMBR

[okym]

To be honest the PC was part of an inheritance from a deceased estate with the software preloaded and I never bothered to check if it was genuine.
Looks like an uninstall is warranted.
I have attempted to run the programs you have listed but what ever has infected me is blocking them from running.

[Pondus]

OK....malware removers are notified, it may take hours before they arrive so be patient

you may try run from safe mode

[okym]

I managed to run Adw cleaner from safe mode,the log,if it is any use,is attached,together with the MBAM log.
Thanks for assistance and patience,this a whole new experience to me.
Kym

[essexboy]

Hi I will need the OTL log please

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach   both logs

[okym]

Sorry for the late reply,the "bug is now interfering with my internet access.
Log's attached as requested.
Kym

[essexboy]

OK I think I can see the problem

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
O4 - HKU\S-1-5-21-682003330-764733703-1177238915-1004..\Run: [7d7e7] C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6\7d7e7.js ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\2a2a.js ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2a2a.js ()
O4 - Startup: C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\2a2a.js ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\2a2a.js ()
[2013/03/05 14:35:47 | 000,000,000 | -HSD | C] -- C:\Program Files\74607
[2013/03/05 14:35:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bronwyn and Kym\Application Data\6b6
[2013/03/05 14:35:46 | 000,000,000 | -HSD | C] -- C:\6a4
[2013/03/06 07:00:03 | 000,047,405 | ---- | C] () -- C:\Documents and Settings\Bronwyn and Kym\Start Menu\Programs\Startup\2a2a.js
[2013/03/06 07:00:03 | 000,047,405 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2a2a.js

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

[Shobana]

Hi  i am facing the same issue.
I addition there are multiple windows update icon in system tray and disappearing with mouse roll on

[CraigB]

Hi  i am facing the same issue.
I addition there are multiple windows update icon in system tray and disappearing with mouse roll on

Please start your own topic and supply/attach the following logs

http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

[okym]

Hi essexboy,
Thanks for that,I may have to run the fix in safe mode,will that still work.
Will try it in normal mode first.
Kym

[essexboy]

If you need to run it in safe mode then so be it, but allow the reboot to normal mode so that we can determine the effectiveness, or whether I need to look deeper

[okym]

Will do
Kym

[okym]

Quick fix log and Mini Toolbox log attached as requested.
As a side note,the only way I could get OTL to run in normal mode was to rename the desk top icon as "safe file".
The system now runs better but the malicious URL pop ups are still appearing and control panel is disabled.
Regard's,
Kym