Ran Removal Guide and have saved files for posting

Discussion in 'Malware Help (A Specialist Will Reply)' started by Gnet, Apr 17, 2007.

  1. Gnet

    Gnet Private E-2

    Hello - I've completed the steps in the Malware Removal guide; no luck. I still have ameana and others popping up. Here are my first three posts:

    Thanks
     

    Attached Files:

  2. Gnet

    Gnet Private E-2

    Here are my final two posts -

    Thanks
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We also need the HijackThis log as requested in step 7! Be sure to follow the directions exactly!

    Also you need to go to Add/Remove programs and uninstall the below:
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint Media Player
     
  4. Gnet

    Gnet Private E-2

    Thanks for the welcome - glad to be a member!

    Ok, I've uninstalled both:
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint Media Player

    And posted my HijackThis log that I just captured - directions were followed to the 'T'!

    Thanks

    Ben
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Now download a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.


    Now run Pocket Killbox by double-clicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\dlcj.log
    C:\dlcjscan.log
    C:\WINDOWS\system32\stohndoerw.exe
    C:\WINDOWS\system32\stohndoerw.dat
    C:\WINDOWS\system32\stohndoerw_nav.dat
    C:\WINDOWS\system32\stohndoerw_navps.dat

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But if you do get this message, please let me know!)

    If Killbox does not reboot, just reboot your PC yourself.
    After reboot, run Windows Explorer and check to make sure the above files were really deleted. If not, delete them yourself.

    Now run Ccleaner!

    Now attach a new log from ShowNew.

    How are things working?
     
  6. Gnet

    Gnet Private E-2

    Hello!

    Ok, I've attached a new ShowNew log. Unfortunately, the pop ups/malware continue. The one positive is that I've not seen one from ameana, which was one of the worst offenders!

    Any more ideas?

    Thanks!
     

    Attached Files:

  7. Gnet

    Gnet Private E-2

    Well, scratch that last comment about amaena, I just had it come up!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, the same as the first time. Make sure you follow the directions for Pocket Killbox exactly. According to your log from ShowNew you did not delete the files I requested that you delete. Once you delete all of them, your problems will be gone. Follow the same directions again and make sure you have Pocket Killbox delete the files. As a backup, when rebooting with Pocket Killbox, boot into safe mode and make sure the files were deleted yourself. If you still see them, try manually deleting them.
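
The check requested in the two Killbox posts above (confirm after the reboot that the listed files are really gone), written as an added PowerShell example that is not part of the original thread or any MajorGeeks tool. It assumes the delete-on-reboot request was queued through Windows' standard `PendingFileRenameOperations` registry value; the function names are hypothetical.

```powershell
# File list copied from the Killbox instructions earlier in the thread.
$targets = @(
    'C:\dlcj.log',
    'C:\dlcjscan.log',
    'C:\WINDOWS\system32\stohndoerw.exe',
    'C:\WINDOWS\system32\stohndoerw.dat',
    'C:\WINDOWS\system32\stohndoerw_nav.dat',
    'C:\WINDOWS\system32\stohndoerw_navps.dat'
)

function Get-PendingRenamePaths {
    # Windows stores delete/rename-on-reboot requests in this REG_MULTI_SZ value.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $prop = Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                             -ErrorAction SilentlyContinue
    if (-not $prop) { return @() }
    # Entries look like "\??\C:\path" (sometimes prefixed with "!").
    # Strip the NT prefix so they compare against ordinary paths.
    $prop.PendingFileRenameOperations |
        Where-Object { $_ } |
        ForEach-Object { $_ -replace '^!?\\\?\?\\', '' }
}

function Test-CleanupTargets {
    param([string[]]$Paths)
    $pending = @(Get-PendingRenamePaths)
    foreach ($p in $Paths) {
        $exists = Test-Path -LiteralPath $p
        # -contains is case-insensitive, which matches Windows path semantics.
        $queued = $pending -contains $p
        $status = if (-not $exists) { 'Gone' }
                  elseif ($queued)  { 'Still present, queued for next reboot' }
                  else              { 'Still present, NOT queued' }
        New-Object psobject -Property @{ Path = $p; Status = $status }
    }
}

# Run from an elevated prompt after the reboot.
Test-CleanupTargets -Paths $targets | Format-Table Path, Status -AutoSize
```

Any row reporting "Still present, NOT queued" means the deletion was never scheduled for that file, which is the situation the ShowNew log revealed here.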
     
  9. Gnet

    Gnet Private E-2

    Success!!! Things are working great!! Thank you!

    I uploaded my final ShowNew post.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
