Brave Sentry malware whipping me.

Welcome to Majorgeeks!

If you cannot attach your logs, it will be difficult to help. Why don't you just get copies of the logs onto the PC you posted your message from? And then attach them.

I don't know where you are downloading your utilities from but if you do not download them from Majorgeeks, we cannot vouche for there authenticity. Please only download tools from Majorgeeks! CCleaner does not try to install spoolsvv.exe which is a Searchcentrix hijacker file.

 

In the future please follow the directions for properly obtaining and posting a Bitdefender log. What you posted is not what we request and it is too difficult to read?

Is your copy of Ewido a free trial version? If so, please uninstall it now.

Now go back to the READ & RUN ME and properly follow the directions. You did not download HijackThis from our link. As a result you are using a version of HijackThis that has not been used in about 2 years. I need a new log from the proper version of HijackThis before we can continue. Also this time make sure you do not use MSconfig to control startups like you were doing. This is also mentioned in step 7 of the READ ME. You must be in Normal Startup mode not Selective Startup.

 

Okay I'm waiting for the new HJT log.

 

Uninstall the below software:
Java 2 Runtime Environment, SE v1.4.2
Kazaa Media Desktop 2.1.1
Mozilla Firefox (1.0.4)

Now install the current version of FireFox from: Mozilla Firefox



The below is in your Email Sent Items folder. You should delete this:
Local Folders\Sent Items\sc-keylog2.exe
Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
F3 - REG:win.ini: load=
After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\tttxxsp.chm
C:\Documents and Settings\Administrator\Application Data\Lycos <--- the whole folder
C:\WINNT\system32\cd_clint.dll
C:\WINNT\system32\inistone.ini
C:\WINNT\system32\ws386.ini

Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode
Now Copy the bold text below to notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now attach a the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Try using this Your Uninstaller! 2006 to remove it.

This is not a normal file. It is your part of your email application. I assume Outlook or Outlook Express???? Run it and look in your Local Folders\Sent Items folder.

 

Yes complete all the other steps!

 

Okay your logs are clean! How are things working?

 

No! You would have to run PandaActiveScan again to see if it still finds it. You said you could not locate the related email file.

 

I doubt these are malware related but I will give you one more scanner to run that will look for rootkits at the end of this message.

While a trojan named Haxdoor could cause a similar (but not exactly the same) error message, you never showed any signs of Haxdoor in your logs.

You should take this problem to the Software (or maybe Hardware) Forum. Also take a look at the below:

http://www.aumha.org/win5/kbestop.php


Now let's just check for a rootkit which I don't think we will find. Download Blacklight Beta

• Download blbeta.exe and save it to the Desktop.
• Once saved... double click blbeta.exe to install the program.
• Click accept agreement and Click scan
  This app too may fire off a warning from antivirus. Let the driver load.
  Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please post contents of the BlackLight log.

 

You're welcome. Surf safely!