Trouble removing trojans

Discussion in 'Malware Help (A Specialist Will Reply)' started by bigeats, Jun 14, 2007.

  1. bigeats

    bigeats Private E-2

    First of all - thank you Major Geeks for the forum and information you have amassed here... this place is serious!

    I have followed the procedures laid out regarding malware and trojan removal, but I have some persistent ones that I have been unable to remove.

    This is so frustrating... I can't begin to verbalize...

    I have attached the logs, and would appreciate any help you can offer.
     

    Attached Files:

  2. bigeats

    bigeats Private E-2

    Here is the VundoFix file:

    Thanks again for any help!
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You only attached 3 of the 6 requested logs from the READ ME. Please attach the other three:

    CounterSpy - only for Windows XP, 2K, & NT users
    AVG Antispyware log - ONLY IF NEEDED (if you were not able to run CounterSpy). - only for Windows XP, 2K, & NT users
    Bitdefender - from step 6
    Panda Scan - from step 6


    Then continue on with the below steps which will remove some more of your malware issues.
    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now attach the below new logs and tell me how the above steps went.

    1. ComboFix log
    2. GetRunKey
    3. ShowNew
    4. HJT
    Make sure you tell me how things are working now!
     
  4. bigeats

    bigeats Private E-2

    I have run AVG antispyware and the online BitDefender, but not the Panda scan.

    Right now, it seems like the browser popups have stopped and I don't see any new icons on the desktop, so that's a good thing. I wanted to get on this problem before it became a real big problem - and right now, it's better than before. I just want to get rid of ALL of it.

    I will start working on your suggestions and will post the logs when done.

    Thank you, very much. :)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then please attach the logs as was requested in the READ ME.

    Why not? It was not optional.
     
  6. bigeats

    bigeats Private E-2

    Chas,

    I was unable to find the BitDefender log... and it came up clean when I re-ran it.

    Attached are the CounterSpy, PandaScan and ComboFix logs.

    I will get the other logs up as soon as possible.

    Again, thank you!
     

    Attached Files:

  7. bigeats

    bigeats Private E-2

    Attached are the new logs.

    I hope I got everything right. :eek:
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you notice that your Panda log was very long due to picking up lots of stuff in your Norton Nprotect folder? In step 1 of the READ ME, we ask you to empty this along with quarantines. You need to do this now and then continue on with the below.


    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to DomainService
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste DomainService into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Also uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_06


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O15 - Trusted Zone: *.instanetforms.com
    O15 - Trusted Zone: *.rexplorer.net
    O15 - Trusted Zone: *.transactiondesk.com

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete the below files:
    C:\WINDOWS\system32\aiuqlwqv.ini
    C:\WINDOWS\system32\spsulknc.ini

    Now run Ccleaner

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
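The manual clean-up chaslang lays out in the post above (stop and disable the DomainService service, delete it as an NT service, fix the O4 Run entries and O15 Trusted Zone entries, then delete the two .ini files) can be scripted. The script below is an added example and is not from the thread or from HijackThis; it assumes an elevated PowerShell prompt on a Windows version that ships PowerShell (the 2007-era XP machine in this thread would need the same steps done with sc.exe and reg.exe instead). The service name, registry value names, domains and file paths are the ones quoted in the post; the registry locations are the standard Run key and IE's ZoneMap\Domains key.

```powershell
# Added example, not part of the original thread: automates chaslang's manual steps.
# Run from an elevated PowerShell prompt. Names below are taken from the post.

$ServiceName    = 'DomainService'
$RunValues      = @('SunJavaUpdateSched', 'QuickTime Task')
$TrustedDomains = @('instanetforms.com', 'rexplorer.net', 'transactiondesk.com')
$FilesToDelete  = @(
    "$env:SystemRoot\system32\aiuqlwqv.ini",
    "$env:SystemRoot\system32\spsulknc.ini"
)

# 1. Stop, disable and delete the rogue service (services.msc + HJT "Delete an NT Service").
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    # Record the binary the service points at before removing it; that file is the next thing to hunt down.
    $cim = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    Write-Host "Service binary: $($cim.PathName)"
    Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $ServiceName -StartupType Disabled
    & sc.exe delete $ServiceName | Out-Null
} else {
    Write-Host "Service $ServiceName not present"
}

# 2. Remove the O4 entries under HKLM\...\Run that HJT would otherwise fix.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in $RunValues) {
    $current = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
    if ($current) {
        Write-Host "Removing Run value '$name' -> $($current.$name)"
        Remove-ItemProperty -Path $runKey -Name $name
    }
}

# 3. Remove the O15 Trusted Zone entries. IE keeps per-domain zone assignments under
#    ZoneMap\Domains\<domain>; a '*' (or 'http') value of 2 puts the domain in the Trusted zone.
foreach ($base in 'HKCU:', 'HKLM:') {
    foreach ($domain in $TrustedDomains) {
        $key = "$base\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$domain"
        if (Test-Path $key) {
            Write-Host "Removing trusted-zone entry $key"
            Remove-Item -Path $key -Recurse
        }
    }
}

# 4. Delete the leftover .ini files. A file that is still held open by a running process will fail here;
#    that is the case the post's safe-mode deletion step exists for.
foreach ($f in $FilesToDelete) {
    if (Test-Path $f) {
        try   { Remove-Item -Path $f -Force -ErrorAction Stop; Write-Host "Deleted $f" }
        catch { Write-Warning "Could not delete $f (locked?): $($_.Exception.Message)" }
    }
}

# 5. Verification: all three of these should come back empty after a reboot.
Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
Get-ItemProperty -Path $runKey | Select-Object $RunValues
$FilesToDelete | Where-Object { Test-Path $_ }
```

Treat the verification block as the equivalent of the fresh HJT log chaslang asks for: if the service, Run values or files are still there after the reboot, something re-created them and the machine is not clean yet.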
     
  9. bigeats

    bigeats Private E-2

    Believe it or not... I thought I did empty Norton's recycling bin... maybe I didn't do it right...

    I followed all of your instructions - while uninstalling CounterSpy Norton gave me a red alert "Malicious Script Detected"... something to do with MsiExec.exe whatever that is...

    While I did remove the Trusted Zone items, I think those might have been required for access to those sites... but I can always worry about that, later.

    I hope you wanted me to rerun HJT for the log you requested, cause that's what I did.

    Everything seems to be running pretty smoothly right now - no popups. :)

    Thanks again, Chas. I might be very strapped for cash right now... but I'll be sure to send you something for your time just as soon as I can.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Norton is totally offbase. MsiExec is Microsoft Windows Installer and it is used to install as well as uninstall.

    As far as we are concerned, nothing should be given total permission to be trusted like that unless you absolutely need it and it absolutely will not work without it. I have yet to see some one prove to me that it is necessary. I have never had to add anything to my Trusted Zone. Yes a few programs added it during their installations, but I immediately removed it and everything still worked fine.

    Yes, that is why I asked for a new log. ;)

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
