please can someone help me :(

Discussion in 'Malware Help (A Specialist Will Reply)' started by tiffany311, Jan 28, 2007.

  1. tiffany311

    tiffany311 Private E-2

    My brother was using my internet over the weekend and I noticed that I have this System Alert warning. It says:
    System Alert: Malware Threats
    Your computer is infected with a back door Trojan that allows the remote attacker to perform various malicious actions. Click this balloon to download a malware removal software.

    What does this mean?

    I then went and checked in my Avg log and it showed

    Trojan horse Downloader.Zlobe.HNX
    C:\WINNT\System 32\ nnbbrhbd.dll
    Backup copy infected.

    Can someone please tell me what this means? I am so lost :(
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    Now after attaching the above two logs, you need to continue with the below since you may have other issues too!

    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. tiffany311

    tiffany311 Private E-2

    Here are the results of my scan for your review. Now I am moving on to step 2. Thanks again, I really appreciate it.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that found things as I suspected. Let's see rapport.txt number 2!
     
  5. tiffany311

    tiffany311 Private E-2

    Here is report #2. But when it asked me to do registry cleaning, it said that there was no registry to clean??
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't worry about it. Just continue on now to my next steps. These will take you awhile to run. Just complete all of the steps and come back and attach all of the logs.
     
  7. tiffany311

    tiffany311 Private E-2

    Hi, I was wondering where I find a log to save with CounterSpy. I don't see anything. Please help me find it so that I can save the log and proceed with the next scans. Thank you very much. I am running Windows 2000.
     
  8. tiffany311

    tiffany311 Private E-2

    Here is my CounterSpy scan, I hope I did it right :)

    Spyware Scan Details
    Start Date: 1/29/2007 8:57:28 PM
    End Date: 1/29/2007 9:15:53 PM
    Total Time: 18 mins 25 secs

    Detected spyware
    No spyware were found during this scan
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Continue on to all the other steps! It is best if you complete all steps before coming back to post. You should be offline while doing much of the procedure.
     
  10. tiffany311

    tiffany311 Private E-2

    I don't know why but my AVG log won't post. Please help :cry
    I could not run runkeys.txt. I had a message that came up and said it can't run on my computer?? The same with newfiles.txt.
    Anyway, I am going to be doing the BitDefender and Panda scans :wave
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no reason why the other steps of the READ ME (including GetRunKey and ShowNew) should not run on your PC. If you are getting error messages, you need to observe the ones described on the download pages for GetRunKey and ShowNew. And if any of those messages are what you are seeing, apply the appropriate fix. If those are not the messages you are receiving then you must give the exact word for word message that you are receiving.

    In addition you need to follow steps in the order written! Bitdefender and PandaActiveScan must be run BEFORE any of the following GetRunKey, ShowNew, or HJT.

    We don't need a log from your AVG antivirus program unless it is reporting something that the others are not.
     
  12. tiffany311

    tiffany311 Private E-2

    Here are my other scans for your review. I will try to do the runkeys.txt and newfiles.txt :( :eek:
     

    Attached Files:

  13. tiffany311

    tiffany311 Private E-2

    I tried doing the two scans and it says that I can't because it is running somewhere else on my computer? I don't understand this, please help :cry
     
  14. tiffany311

    tiffany311 Private E-2

    I can't seem to run the other scan??:cry
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are not following the directions on the download pages for ShowNew and GetRunKey. ALL files must be extracted from the ZIP file and you MUST run the .bat files from a Windows Explorer session as explained. Also you must check to make sure you are not getting either of the two error messages mentioned.

    Please follow the directions step by step and attach logs from both tools. The newfiles.txt log you attach is not complete because the instructions were not followed.
     
  16. tiffany311

    tiffany311 Private E-2

    I did both scans. I am sorry, but I have tried too many times to extract it somewhere other than my desktop. This is the best I can do. I read and reread your instructions and all I do is fail :cry
    But here are my scans.
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, you got GetRunKey extracted and run properly at least. Now you need to run ShowNew and attach a new log since you also have it extracted to your Desktop.

    Then go back and do step 2 of the READ & RUN ME properly. You did not follow those directions. Make sure you follow each step for your Windows version. It looks like the only item you did not do properly was to uncheck the option for hiding extensions for known file types.
     
  18. tiffany311

    tiffany311 Private E-2

    I am sorry, I tried and tried. I give up, sorry for being a waste of time :(
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All you have to do is run ShowNew.bat just like you did GetRunKey.bat. You already have it extracted to your Desktop. Just double click on it to run it and the log will be created. Just make sure you double click on ShowNew.bat and not ShowNew.zip which is also still on your Desktop.
     
  20. tiffany311

    tiffany311 Private E-2

    I hope I did it right :)
    Please review and I will await further instructions.
     

    Attached Files:

  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Now you got it! ;)

    Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 9
    System Alert Popup

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
    C:\Documents and Settings\CFK User.COMPUTER-5ED6C3\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    Did you choose to set up your start pages to blank.htm? If not, add the below 2 items to the HJT fix list below.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

    After clicking Fix, exit HJT.

    Now reboot in normal mode

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now locate the below folder and delete it if found:
    C:\Program Files\Video ActiveX Object

    Now run Ccleaner

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
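As an added illustration (not part of this thread, and not HijackThis or any MajorGeeks tool), the Python below parses the HijackThis lines quoted in this post and flags the O15 ProtocolDefaults entries: a protocol moved into the "My Computer" zone, the least restricted Internet Explorer zone, loses the Internet-zone protections, which is why those lines are on the fix list. The sample log is constructed from the post, and the regular expressions assume the line layout shown there.

```python
import re

# Constructed sample: the HijackThis items quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
"""

# Every HJT item starts with a section tag (R0, O4, O15 ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O15: which IE zone a URL protocol is assigned to, and which it should be in.
O15_RE = re.compile(r"ProtocolDefaults: '(?P<proto>[^']+)' protocol is in "
                    r"(?P<zone>.+?) Zone, should be (?P<expected>.+?) Zone$")
# R0/R1: registry key, value name and data of an IE start/search page setting.
R_RE = re.compile(r"^(?P<key>HK\w+\\.+?),(?P<value>[^=]+?) = ?(?P<data>.*)$")
# O4: an autostart entry under a Run key.
O4_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_hjt_log(text):
    """Turn HijackThis-style lines into dicts; unknown sections keep only the raw line."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or non-item text
        section, body = m.group("section"), m.group("body")
        entry = {"section": section, "raw": raw.strip()}
        if section == "O15" and (z := O15_RE.match(body)):
            entry.update(kind="protocol_default", **z.groupdict())
        elif section.startswith("R") and (z := R_RE.match(body)):
            entry.update(kind="ie_setting", **z.groupdict())
        elif section == "O4" and (z := O4_RE.match(body)):
            entry.update(kind="autorun", **z.groupdict())
        entries.append(entry)
    return entries


def zone_anomalies(entries):
    """(protocol, current zone, expected zone) for every O15 item that is out of place."""
    return [(e["proto"], e["zone"], e["expected"]) for e in entries
            if e.get("kind") == "protocol_default" and e["zone"] != e["expected"]]


def empty_ie_settings(entries):
    """Names of R0/R1 values whose data is blank (like LinksFolderName above)."""
    return [e["value"] for e in entries if e.get("kind") == "ie_setting" and not e["data"]]


if __name__ == "__main__":
    items = parse_hjt_log(SAMPLE_LOG)
    for proto, zone, expected in zone_anomalies(items):
        print(f"O15: '{proto}' is in the {zone} zone, expected {expected}")
    print("blank IE settings:", empty_ie_settings(items))
```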
     
  22. tiffany311

    tiffany311 Private E-2

    Oh boy, I am just wondering why, when I booted my computer, my AVG has faded somewhat, as there is absolutely no color to it at all?? My question is: I went to see what was wrong and it says that my resident shield is not loaded, so I went into properties and tried to load it, and it won't allow me to check the box that says to check it and the shield will load. What can I do?
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall it, reboot (don't skip the reboot) then reinstall!

    Let me know if it is okay now. If not, tell me the complete version number you are running.

    Did you complete my last instructions? If so, I need to see the logs!
     
  24. tiffany311

    tiffany311 Private E-2

    Uninstall it, reboot (don't skip the reboot) then reinstall!

    What is it you are wanting me to uninstall? My AVG?? I am using the free AVG that has a resident shield.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes AVG is the subject!
     
  26. tiffany311

    tiffany311 Private E-2

    Ok, now can you please email me a free AVG download with a resident shield? Thank you, and I am doing those steps that you have requested :)
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  28. tiffany311

    tiffany311 Private E-2

    Here are the scans you requested. Also I was wondering if you can send me a link so that I can get free AVG (Grisoft).
     

    Attached Files:

  29. tiffany311

    tiffany311 Private E-2

    I keep getting this message that pops up. It says:

    Messenger Service
    Message from System Alert on 2/4/2007 1:26:57 AM
    STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION
    Windows has found CRITICAL SYSTEM ERRORS.
    Run Registry Repair from: http://fixwin32.com
    FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!


    Then at the end there is a little box to click OK. What should I do?
    Is this really serious??

    I will wait to hear back before doing something I might regret!
    Thanks again for your help!
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Already gave it to you in message # 27.
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! it is not serious! Don't click on it.
    You did not do ALL of the steps I gave you in message # 21. At a minimum I can tell the registry patch was not done and it does not look like you fixed everything with HijackThis. Please go back and make sure you follow ALL steps and in the order given. Then attach new logs.
     
    Last edited: Feb 4, 2007
  32. tiffany311

    tiffany311 Private E-2

    I followed your instructions 2 times. I know I did what you said for me to do.:D
     

    Attached Files:

  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry, but your runkeys.txt log still indicates otherwise. Are you sure you are adding the fixME.reg registry patch to the registry exactly as specified? Are you getting a message that indicates it was successfully added? Because based on the runkeys.txt log it is not being added to the registry. Let's try again, but this time I'm going to add some additional items to it that HijackThis does not seem to be fixing either.

    First delete the below! This is not the correct place to run HijackThis from! You had it better (not what was requested but better) in earlier logs. Only run the one in C:\Program Files\analyse.exe\analyse.exe from now on!

    C:\Documents and Settings\CFK User.COMPUTER-5ED6C3\Desktop\analyse.exe\analyse.exe

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure you get a success message!!! And if you get any popups asking about adding this to the registry, or from your antivirus or antispyware programs about a change being made, make sure you allow this change.

    Then attach new logs from GetRunKey and HijackThis!

    Are your problems with AVG resolved now?
     
  34. tiffany311

    tiffany311 Private E-2

    Here you go:)
     

    Attached Files:

  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Which directions did you follow this time? Which registry patch did you add into the registry this time? The one from message number 34 as instructed, or the previous one from message # 21? It looks like maybe you finally did #21 correctly (what were you doing wrong before), but you were supposed to do what is in message # 34.

    We are not going any further until you follow the instructions in message number 34 (all of the instructions in the message). You still did not delete the improperly installed version of HijackThis and you are therefore still running it wrong.
     
  36. tiffany311

    tiffany311 Private E-2

    Please please please tell me I did something right! I am starting to get a bit frustrated :(
     

    Attached Files:

  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well you did add in the correct registry patch now! ;) And it finally fixed what we needed to fix!

    But you are still not following all directions! You must slow down. And read all steps and follow them in the order written. I have requested multiple times that you do the below:
    And you still have not done this. It may not matter anymore now if all your problems are resolved.

    So let me ask whether you are still having any problems?
     
  38. tiffany311

    tiffany311 Private E-2

    No, I am not having any other problems! Thank you very much for helping me ;)
     
  39. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Now it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
