Something, i.e. a Malware or Trojan Attack

Discussion in 'Malware Help (A Specialist Will Reply)' started by rustyjack, Jun 26, 2009.

  1. rustyjack

    rustyjack MajorGeek

    I have been attacked by something and can't seem to find out what. I have run CCleaner in both normal and safe mode, MBAM, SAS, IObit, AVG, and ran HijackThis, clearing out everything I needed to. In HJT I found %WINDIR%, so I eliminated that, but after rebooting each time I check services and my DNS Client has been disabled, or sometimes more items; luckily I have a full list of service settings, so I reset them each time. I checked the registry and even uninstalled Mozilla Firefox totally from every orifice within the PC, then reinstalled, and then it reinstalled as though it had never been missing. Also, when typing C:\ in Start and clicking on, i.e., Windows or Program Files, I check them, then when I do the same again there will be duplicate copies of them sat there. Also erratic cursor movement when online; it seems as soon as I go online I'm automatically attacked. Could it be that someone has gained access to my PC or has gotten my passwords and is just hacking me for the sake of it?

    OS: 32Bit, Vista Home Premium, 2gb Ram.

    PLEASE HELP !!!!
     
    Last edited: Jun 26, 2009
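As an added illustration, not part of the thread and not one of the MajorGeeks tools: a PowerShell script that records a baseline of service start modes once and, after each reboot, reports any service whose start mode no longer matches. This is the comparison rustyjack describes doing by hand against his saved list of service settings. It assumes Windows PowerShell 2.0 or later with WMI access; the baseline file path is an assumption.

```powershell
# Added example, not from the thread. Snapshot service start modes once
# (-SaveBaseline), then run again after each reboot to list what changed.
# Baseline path is an assumption; change it to suit.
param(
    [string]$BaselinePath = "$env:USERPROFILE\service-baseline.csv",
    [switch]$SaveBaseline
)

# Win32_Service exposes StartMode (Auto, Manual, Disabled) and the
# current State for every installed service.
function Get-ServiceSnapshot {
    Get-WmiObject -Class Win32_Service |
        Select-Object Name, DisplayName, StartMode, State
}

if ($SaveBaseline) {
    Get-ServiceSnapshot | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Baseline written to $BaselinePath"
    return
}

if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath; run with -SaveBaseline on a known-good boot first."
}

# Index the baseline by service name for quick lookup.
$baseline = @{}
Import-Csv -Path $BaselinePath | ForEach-Object { $baseline[$_.Name] = $_ }

# Compare the live snapshot against the baseline.
$drift = foreach ($svc in Get-ServiceSnapshot) {
    $old = $baseline[$svc.Name]
    if ($null -eq $old) {
        # A service that did not exist at baseline time deserves a look.
        New-Object PSObject -Property @{
            Name = $svc.Name; Change = "new service"; Was = ""; Now = $svc.StartMode
        }
    } elseif ($old.StartMode -ne $svc.StartMode) {
        New-Object PSObject -Property @{
            Name = $svc.Name; Change = "start mode changed"; Was = $old.StartMode; Now = $svc.StartMode
        }
    }
}

if ($drift) {
    $drift | Sort-Object Name | Format-Table Name, Change, Was, Now -AutoSize
} else {
    Write-Host "No start-mode changes since baseline."
}
```

Run it once with `-SaveBaseline` on a boot where the services look right, then without arguments after each reboot. The DNS Client service shows up under its service name, Dnscache. A changed start mode is a symptom to investigate, not proof of malware: installers, Windows Update and cleanup utilities legitimately change start modes too, so the value of the report is in telling you which service to look at rather than in deciding the cause.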
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The first thing I suggest you do is to undo whatever you did with HijackThis. %WINDIR% is an environment variable that means your Windows installation folder. If you delete the wrong thing related to this, your PC would not even boot. So since I'm not sure what you have been doing on your own nor whether you even have any malware problems at all, it would be best if you undid/restored anything you have removed.

    Also please proof read your messages before posting. Your post was not very clear. Please use proper punctuation and sentence structure with capitalization so messages can be more easily read.



    Now please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
    Last edited: Jul 2, 2009
  3. rustyjack

    rustyjack MajorGeek

    Re: Why is This Happening after R M R

    Please let me know if you have received the appropriate logs, as I'm not sure whether I did it right or not, or whether these are the logs you required!
     

    Attached Files:

    Last edited: Jul 1, 2009
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Why is This Happening after R M R

    No! We don't need or request logs from CCleaner. We do however need the SUPERAntiSpyware, Malwarebytes, and RootRepeal logs requested in the READ & RUN ME. However based on what you have attached thus far my initial assumption that you are not having malware problems may still be correct.
     
    Last edited: Jul 2, 2009
  5. rustyjack

    rustyjack MajorGeek

    Re: Why is This Happening after R M R

    Cheers Chas, I will send you the other attachments you've asked for, but RootRepeal downloaded but seemed as if it didn't run, so I dunno about that, but there is something there called Qoobox if that's something to do with it; let me know please.

    A VERY BIG THANK YOU!!!
     
  6. rustyjack

    rustyjack MajorGeek

    Re: Why is This Happening after R M R

    Here are the MBAM logs, but I can't send SAS logs because I can't seem to find them. Also I'm not sure whether I actually ran SAS, so I'm really sorry about that, but if you need me to run it I will. But I'm still having this problem with the "App failed to initialise 0xc0000142" thing, and it only happens when the computer is shutting down.
    Again a very BIG THANK YOU, especially for your patience at least!!!!!! ;)

    P.S. 1st: just a quick scan in safe mode
    2nd: full scan in normal mode
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Why is This Happening after R M R

    It's right here
    Code:
    "C:\Users\Louie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    26 Jun 2009         465  "SUPERAntiSpyware Scan Log - 06-26-2009 - 17-07-39.log"
    But based on the size, nothing was found by it either. I would still like to see a RootRepeal log. Try running it again and tell me exactly what happens. If it has a crash, try the below settings change.


    Please run RootRepeal again, but before running the scan, click the Settings menu selection at the top and then select Options. Then click the General tab. Now, under the Disk Access Level, slide the slider bar all the way to the bottom so that the text to the right of the slider shows High Level.

    Then run a scan and attach the new log. Hopefully it runs this time.


    But let me repeat this again in bold print: it is unlikely that your problem is due to malware. You should post in the Software Forum and attempt to debug which application that you are running is causing the problem.
     
  8. rustyjack

    rustyjack MajorGeek

    R & R please help!

    Hi there guys, I've done a full "R & R First" just so I get it right this time. Exactly what do you want me to post for you to check out to see whether everything is OK or not?
    I am also going to attach some screenshots of what happened during the process, but first I will post the essentials, so please let me know what you want!!

    Thank you very much!!!
     
  9. rustyjack

    rustyjack MajorGeek

    Re: R & R please help !

    Hi there, sorry for being a nuisance in my earlier threads, but here are my logs to check. I can't seem to find the SAS log, but I am trying to find where it has been saved to, or is there somewhere specific where it saves to?

    Thank you, Rusty. :)
     

    Attached Files:

  10. rustyjack

    rustyjack MajorGeek

    Re: R & R please help !

    Here's the SAS log. RootRepeal kept crashing and wouldn't install, so I couldn't run a RootRepeal scan at all.

    Thank you.
     

    Attached Files:

  11. AbbySue

    AbbySue MajorGeeks Administrator

    Hey rustyjack! Just an FYI... As you had not finished your last request for help and it wasn't that long ago, I have merged your threads together. It is best for you and the Malware team if you stick to one thread until it's finished out unless they instruct you to do otherwise. :)

    No need to reply, it will only push you further back in the queue.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated earlier, your logs are clean. You just have leftovers from Symantec that need to be cleaned up since it did not uninstall properly.

    Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
