Can't even view the "How to run hijackthis" thread...followed the other steps...

Discussion in 'Malware Help (A Specialist Will Reply)' started by kdizzle13, Jun 14, 2007.

  1. kdizzle13

    kdizzle13 Private E-2

    Hello all,

    I opened the wrong file last Thursday and have been lurking on this forum for a fix until yesterday when I followed the Read & Run first directions.

    I could not get counterspy to create a log
    I could not get Panda scan past the install this "active x control to run the scan."

    I did get the bitdefender, get run keys and show new logs. Attached below.
    I cannot open Hijackthis for any length of time and firefox and IE close when I search for hijackthis or even open the majorgeeks thread on hijack this.

    At one point I was getting the ultimate defender crap popup but now that seems gone.

    Thanks for your help.
     

    Attached Files:

  2. kdizzle13

    kdizzle13 Private E-2

    Now it closes firefox as soon as open my own thread!

    I was able to run a program called dss.exe that ran a clone of hijackthis or something.

    It created two files attached.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    It appears that you have been working your problems on another site or you have been experimenting on your own. If you are working at another site, why are you coming here now? It is not a good idea to attempt working problems in multiple forums. If you wish to work here that's fine, but only work here unless we say we cannot help you. If you wish to continue working elsewhere that's fine too, just say so.

    If you wish to continue here, then follow the below instructions.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it,
    double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog46, and save it to your Desktop. Make sure you download and use this version.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. GetRunKey
    3. ShowNew
    4. HJT - see if you can run this now.


    Make sure you tell me how things are working now!
    If things are working better, you should try running the other tools too (like CounterSpy and Panda).
     
  4. kdizzle13

    kdizzle13 Private E-2

    Thank you so much.

    I have been lurking here and some other places but I only posted here to get help. I will follow all of your guidelines and get back to you.

    Thanks again.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then who had you download and use ComboFix and Avenger already?
     
  6. kdizzle13

    kdizzle13 Private E-2

    Thank You - Thank You!

    I was able to run HJT and I have attached the logs requested.

    As for combofix and avenger I was lurking and following a forum post on tech guys or some link ...co.uk I followed from the hjt main site I think? It was all a blur until I got serious on Wednesday when I read the post about "read and run first" and figured you guys would have the answers.

    Thanks again for all the effort here are the logs.
     

    Attached Files:

  7. kdizzle13

    kdizzle13 Private E-2

    and the other two.

    Also a question if I were to buy an antivirus which would you get?
    Nod32 (I am using the trial)
    Symantec
    AVG (Nice Price)

    Thanks again.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A word of caution. Never run specialty tools like this without being advised to run them by an expert. These could be dangerous tools if used incorrectly. In addition, running some tools which are used for specific infections can cause undesired side effects if the infection does not exist.

    Will CounterSpy and Panda run now? Don't run them at the same time!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    NOD32 or AVG.



    What is the below folder for? If not known, what do you see in the folder?
    Code:
    "C:\Documents and Settings\Doug\Desktop\"
    LJLSJF~1      Jun  3 2007              "ljlsjfsdfo"

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9201
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - Startup: .protected
    O20 - Winlogon Notify: efcaywu - efcaywu.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    NOTE: HJT may popup an error about the O4 - Startup: .protected line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it,
    double click it and allow it to merge with the registry.
    We need to run Avenger again to remove some more files that appeared.
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now run this Disable/Remove Windows Messenger to remove Windows Messenger.

    Now attach the below new logs and tell me how the above steps went.

    1. Avenger
    2. GetRunKey
    3. ShowNew
    4. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 8 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
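    As an added illustration (not code from this thread, from HijackThis, or from chaslang), here is a small Python checker that applies the reasoning behind the HJT lines picked out above: a blank Local Page, a ProxyServer entry pointing at the local machine (localhost:9201 here), a Startup item with a dot-prefixed name, and Winlogon Notify hooks whose DLL is "(file missing)". The log text and the function names are constructed for the example; the SunJavaUpdateSched line is deliberately left for a human to judge.

```python
import re

# Constructed sample, modelled on the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9201
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - Startup: .protected
O20 - Winlogon Notify: efcaywu - efcaywu.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# HJT lines look like "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")

LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def classify(line):
    """Return a reason string if the HJT line matches a known bad pattern, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "R0" and body.endswith("="):
        return "browser default page has been blanked"
    if kind == "R1" and "ProxyServer" in body:
        value = body.split("=", 1)[1].strip()
        host = value.rsplit(":", 1)[0]            # "localhost:9201" -> "localhost"
        if host in LOCAL_HOSTS:
            return f"browser traffic routed through a local proxy ({value})"
    if kind == "O4" and body.startswith("Startup:"):
        name = body.split(":", 1)[1].strip()
        if name.startswith("."):                  # dot-prefixed startup item, e.g. ".protected"
            return f"startup item with a hidden-style name ({name})"
    if kind == "O20" and "Winlogon Notify" in body and "(file missing)" in body:
        return "Winlogon Notify hook whose DLL no longer exists (dangling entry)"
    return None


def review(log_text):
    """Return (section, line, reason) for every flagged line in an HJT log."""
    findings = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            findings.append((line.split(" - ", 1)[0], line.strip(), reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in review(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```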
     
  10. kdizzle13

    kdizzle13 Private E-2

    Here are the logs.

    Thanks for the help and the advice

    That strange folder had a password protected .rar file, I deleted it and cleaned up my desktop of other junk.
     

    Attached Files:

  11. kdizzle13

    kdizzle13 Private E-2

    I was able to run pandascan I think I just didn't figure it out last time that the add window needed to stay open.

    I will toggle restore as soon as I hear back from you.

    Thanks a million.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have not answered my question about whether CounterSpy will run now. I would like to see it run and a log from it (make sure you fix what it finds). After doing this we will be uninstalling it since it is only a trial. It often finds things that are not picked up in the other scans.

    Also you need to delete the below files:
    C:\OldDriveCopy\drivedold\OLDdrive\WINDOWS\SYSTEM\HTMDENG.EXE
    D:\backupStuff\drivedold\OLDdrive\WINDOWS\SYSTEM\HTMDENG.EXE
    D:\backupStuff\OLDdrive\WINDOWS\SYSTEM\HTMDENG.EXE
    D:\Proggy\WDVDP7\WinDVD Platinum 7\WinDVDkeygen.exe

    Other than the above your current logs are clean.

    How are things running?
     
  13. kdizzle13

    kdizzle13 Private E-2

    Things are running awesome right now!

    I started counterSpy this morning after running pandascan overnight.

    I will post the log later

    Thanks again.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay great! Make sure to Quarantine or Delete what it finds. We are close to being finished. ;)
     
  15. kdizzle13

    kdizzle13 Private E-2

    Alright, Counterspy found 6 items I quarantined then rebooted then deleted all six.

    Here is the log.

    Since I am about to create a new restore point will I flush or remove all old ones? Is that the purpose of the toggle off then on?

    Thanks again.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just follow the below procedure now that you are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  17. kdizzle13

    kdizzle13 Private E-2

    Thank you very much for all your effort and time.

    I have toggled system restore

    Now I have:
    Zone Alarm firewall running
    NOD32 Antivirus
    a-squared

    Spywareblaste...free
    ad-aware2007...free
    spybot....free

    ccleaner
    hijackthis

    Should I run these once a week?
    a-squared
    Spywareblaste...free
    ad-aware2007...free
    spybot....free
    ccleaner
    hijackthis


    And should I uninstall counterspy now?


    Thanks again for the help!
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually I cannot recommend the new version of Ad-Aware. It is a resource hog and forces you to have a service running at all times. This service has been observed to be using anywhere from 20 to 80 Mb of RAM which is totally absurd to have being wasted when the scanner is not even running.


    Spywareblaster is not a scanner. Just run it once a month to check for updates. HijackThis is not a malware scanner either and does you no good to run it unless you know what you are looking for. It is only a specialty tool. The others can be run weekly or more if you do lots of surfing.

    You need to install an antispyware blocker tool that has realtime blocking capability. The above don't do this. If you don't want to buy one, you could try using one of the below (only use one):

    Comodo BOClean Anti-Malware

    Spyware Terminator (Without Web Security Guard)


    Yes!
     
  19. kdizzle13

    kdizzle13 Private E-2

    Thank you for all the help!

    I uninstalled:
    counterspy
    ad aware 2007

    I installed comodo
    so I have 3 main things running for malware protection
    nod32
    comodo
    zone alarm

    and I will run ccleaner, spybot, spywareblaster and a-squared weekly.

    I hope I will not be back in this sub forum but I plan on being a "major geek" here now. Thanks again for all your wonderful help.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I repeat that SpywareBlaster is not a spyware/malware scanner. You only need to run it to get updates and it does not update that often.
     
