Need Help With HijackThis

Welcome to Major Geeks!

Please remain in one thread for your current malware problem. I merged the 3 threads you started back into one.

You did not run the very first scan that was requested from SUPERAntiSpyware!

What are your exact problems? You need to be much much more specific and tell us exactly what the problem is and where it is being found.

Your logs are not showing any malware problems.

 

Cookies are not problems! See step 11 of the below:

How to Protect yourself from malware!

And koolynoody.net is just something added to your Domains registry key by Spybot to protect you. Thus your Verizon AntiSpyware program is incorrect. They are looking at the name of the site rather than looking at the value in the registry key which is set to a 4 which means it was put into the Restricted Zone to block you from going to that site.

Also the detection of MGtools\process.exe is totally incorrect.

 

Re: Logs attached for Zlob removal...still have virtumonde

You have found it where?

I'm not sure what you are saying, but I think you are referring to what you see at the bottom of Spybot while it is running. This is not what it is detecting. This is what it is currently scanning for. The list at the end is what is detected. Thus it sounds to me like it detected nothing.

 

You're welcome. Now let's cleanup from running all the tools.



Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
4. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combo-fix" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
5. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
6. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
8. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
9. Go to add/remove programs and uninstall HijackThis.
10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
11. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
12. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!