3 viruses found not detected by Avast! or MBAM

[REDACTED]

Thanks for that tool, I did the scan and have attached the two logs created. I think I've found a few more programs that I'll remove and reinstall like Adobe flash and the browsers and also the sound card driver, I guess one of the driver files got infected and were removed along with all the other bad processes that I removed with Avast!.

After you've looked through the log files, is there anything else you'd suggest I do?

[Pondus]

Just curious, why do you have more then one OS installed?

[essexboy]

You appear to have had  Trojan.Win32.Delf on this system.  I will remove what is evident.  Also you appear to have Trend AV and AdAware

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\wsldoekd.exe -- (wsldoekd)
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\tdydowkc.exe -- (tdydowkc)
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\tdctxte.exe -- (tdctxte)
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\sobicyt.exe -- (sobicyt)
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\roytctm.exe -- (roytctm)
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\roxtctm.exe -- (roxtctm)
SRV - File not found [Auto | Stopped] -- C:\WINNT\system32\noytcyr.exe -- (noytcyr)
IE - HKU\S-1-5-21-839522115-789336058-1202660629-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2462013
IE - HKU\S-1-5-21-839522115-789336058-1202660629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-839522115-789336058-1202660629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080
FF - prefs.js..network.proxy.ftp: "proxy"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {F66FF50F-219A-4163-93C1-C2713A49CBEC} - No CLSID value found.
O3 - HKU\S-1-5-21-839522115-789336058-1202660629-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKU\S-1-5-21-839522115-789336058-1202660629-1000..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[REDACTED]

Thanks for all the help so far essexboy, I ran the fix and restarted. I've included the log of the quick scan in this post. The fix appears to have done some stuff though, after I restarted I had sound again! I didn't even need to find and reinstall the drivers, it appears the application fixed them for me.

Does it look like I'll be able to safely have my network card installed without having any viruses downloading more files and that I'll be able to open the browsers without it launching anymore unwanted processes?

Just curious, why do you have more then one OS installed?

When I got the laptop it already had Windows 2000 and Windows 95 pre-installed on it and I didn't already have a copy of 2000 before this. I still wanted a semi-supported OS though so I used a disk imaging tool in WinPE to take a image of the drive before I installed the current one in it. I wrote the 2000/95 image to a 20GB partition on the new drive then installed XP on the other partition so I could run more modern applications while still being able to keep 2000 for occasional use.

[Pondus]

do you have any need for Windows 2000 and Windows 95 ? ..... they belong on museum   

[essexboy]

Looks good now, try the net and let me know how it behaves

[REDACTED]

I'll do that. Thanks!

do you have any need for Windows 2000 and Windows 95 ? ..... they belong on museum   

Actually, I do. Windows 95 is DOS-mode only and I use it for running games that require DOS like Comanche Maximum Overkill and I use 2000 for testing compatibility with the applications I create. I've had allot of people tell me that I should stop using old operating systems but it's what I have and it's fun to see what you can do with a operating next to no one uses today. I even made this post in Windows 98 on my desktop, the forum has great support for Firefox 2.0.0.20

edit:
OK, I'm posting this from Windows 2000 and the browsers look all clean. The only thing I've really noticed that when sitting idle, even without having the network card plugged in task manager keeps charting frequent CPU spikes from 0-3% to 30-45% usage every 10 seconds or so. Is this just the system doing it's normal stuff or do you think it's a possible virus multiplying/infecting new files?

[essexboy]

Difficult to say as I have never used 2000      Which file does taskmanager have using the cycles

[REDACTED]

I watched the processes window  for a bit and noticed that whenever the spikes happened it was jqs.exe using that amount of power. Does that sound normal for that process?

[essexboy]

That is Java quick start in Firefox, unless you need Java I would highly recommend uninstalling it, as the last version that supported 200 has not been updated for a while and is a gapping security hole