Help have a process that i cant find info about on google

Please read the announcement and sticky threads. HJT logs should only be posted when requested. HJT should also be run in normal boot mode. In addition, your version of HijackThis is way out of date.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

After completing the steps in my previous post run the steps below so we can find a bunch of hidden processes on your system.

Follow the steps below:

1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

2 - Please EXTRACT all the files form RKFiles Tool to its own folder - C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log after rebooting back to normal mode.

After posting the above two logs, we will work up fix for your remaining problems.

 

Please download this tool too: ABIremover.zip

Unzip it to a folder of it's own in a location that you can find later but do not run ABIremover.exe yet. We may use it later.

 

Just allow the scanners to fix everything they can fix and note (by file name and path) what they do not fix.

Finish the remaining steps you had a lot of different problems.

 

I left three messages with things to do. Please complete those steps 100% and then report back. I did not ask for an Ad-Aware log but I did ask for a bunch of other things to be done. Please follow directions. If you run into any problems along the way, just keep going and report the problems when you come back.

 

Keep going!

 

Finish the steps I gave you in those three messages.

See messages 2, 3, and 4!

 

Don't forget to run ABIremover.zip too.

Your Qoologic scan did not run to completion. Or you posted the wrong log!

 

Yes I do want ABIremover run in safe mode.

Please give the full exact error message.

 

1.Click Start, click Run, type c:\windows\repair, and then click OK.
2.Right-click autoexec.nt, and then click Copy.
3.Click Start, click Run, type c:\windows\system32, and then click OK.
4.Right-click anywhere in that folder, and then click Paste.
5.Right-click the Autoexect.nt file that you just copied, and then click Properties.
6.Click to select Read-Only, and then click OK.
7.Repeat steps 1 through 6 to copy the Config.nt file.

Then try the Qoologic scan again.

 

Can I assume you were able to do what I requested in message # 24?

 

Before running Find-Qoologic.bat again, please boot into safe mode and run ABIremover. Then boot back to normal mode and run Find-Qoologic.bat .

 

Wait until we are done fixing the current problems before installing Firefox. It is part of my finishing instructions anyway. I'm looking at your log now.

 

Download Pocket Killbox and save it to its own folder where you can find it.

Read thru the below steps and make sure you understand them before starting. Ask questions if you have any before starting.

Run Killbox by double clicking on the killbox.exe file.

Check the following boxes:

Standard File Kill
End Explorer Shell While Killing file

Copy & paste (you must use copy & paste - typing will give an error) the full path of each of the files below (one at a time - see directions after the list) into the Full Path of File to Delete box.
C:\WINDOWS\System32\BQBNOOC.EXE
C:\WINDOWS\System32\VAVKNN.EXE
C:\WINDOWS\system32\vlvpnn.exe
C:\WINDOWS\system32\elitefmm32.exe
C:\WINDOWS\system32\elitergn32.exe
C:\WINDOWS\System32\PYPAV.DAT
C:\WINDOWS\JVJOK.DLL
C:\WINDOWS\system32\aqaka.dll
C:\WINDOWS\system32\delfin.dll
C:\WINDOWS\system32\goldnew2b.dll
C:\WINDOWS\system32\pacis.exe
C:\WINDOWS\system32\pop2.exe
C:\WINDOWS\system32\pop317.dll
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\saie1108.exe
C:\WINDOWS\system32\tdbOs.dlltmp
C:\WINDOWS\RLUninstall.exe
C:\WINDOWS\protector_update.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ncnk.exe



With the full path to the file name in the Full Path of File to Delete textbox. The filename will appear under the box in a blue color to indicate it was found. Now Click the Red X and for the confirmation message that will appear, you will need to click Yes. If the file is successfully delete you will get a message of confirmation. Just click OK!
Do this for each of the files listed. Some may not be deleted. Make sure you keep a list of them.

Now for any files not deleted properly above (the ones you wrote down), do the below (if all of them deleted, skip this step):
- in Killbox select the option to Delete on Reboot
- uncheck the option to End Explorer Shell While Killing file

Copy & paste the full path of each of the files you could not delete above into the box and then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? You will need to click No (since you are not finished adding all related files in yet).

When you do enter the last file name that needs to be deleted, click Yes on the last file.
Note: Killbox will let you know if the file does not exist.

Okay so now your PC should be reboot. If you get an error message about Pending Operations, just reboot your PC yourself.

After reboot run HijackThis and select the following lines (if they still exist) but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vlvpnn.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

After clicking Fix, get a new scan from HJT and post it here as an attachment and tell me the results of the above steps.

 

No! If we do not say safe mode, you should assume normal boot mode. We normally tell you when to be in safe mode. All other times you should assume normal boot mode.

 

That log looks clean! Are you having anymore problems? If not, you should follow the steps in the below thread to help keep you clean. You will see FireFox in one of the steps too.

How to Protect yourself from malware!

 

Recommendations are in the link I gave you. Any of the items listed are good. If you want to know what I prefer.... Avast and ZoneAlarm. ZoneAlarm can be rather resource hungry for some people so some prefer to use Sygate.

If you do not get to SP2, you will continue to have more problems. If you have compatibility issues with software or hardware you need to get updates from the vendors.

I do not understand what you are talking about with Ccleaner.

 

We do not recommend that you use that Tab. In fact in the READ ME FIRST we specifically state:

 

You're welcome!

 

What I had you do did not add any problems to your PC. They are just helping you to find additional garbage that is still hanging around hidden from normal viewing.

There are always many files that can be left hanging around on your PC that are due to malware but that are not easily visible in a HijackThis log. The same goes for literally hundreds of registry keys. Each spyware removal tool will almost always find things that another does not. That is one of the main reasons we have you run several of them.

Did you tell MS Antisypware to fix what it found? Did it fix everything or did it have problems with any of them? Running it in safe mode sometime helps to make it easier to fix problems.

If you now run SpySweeper, you may find even more items. You had a bunch of bad stuff on your PC. It is not unusal to have lots of junk like this found by running the additional scanners.

 

That is due to Windows memory dumps when there are problems. See this link:
http://castlecops.com/startuplist-1033.html