Help needed: files attached

Thanks for all the help on "READ & RUN ME FIRST"

Having done all that was asked, I have attached the files requested with this post:
CounterSpy.txt
Activescan.txt
hijackthis.log

Next post:
bdscan.txt

 

Re: Help needed: files attached (2 of 2)

Attached:

bdscan.txt

 

Since I can't edit my posts, I guess I have to add another one.

Here are the 2 missing files.

 

What HAVE you been installing ?

Can you explain any of the following ? Which ones appear in Add/Remove Programs

Please attach the vundofix log in the root of c: for me to see.

 

Since I dont know where that list is from, I will only leave ones that I don't recognize:

"DisplayName"="CCScore"
"DisplayName"="ESSBrwr"
"DisplayName"="ESSCDBK"
"DisplayName"="ESScore"
"DisplayName"="ESSgui"
"DisplayName"="ESShelp"
"DisplayName"="ESSini"
"DisplayName"="ESSPCD"
"DisplayName"="ESSPDock"
"DisplayName"="ESSSONIC"
"DisplayName"="ESSTOOLS"
"DisplayName"="essvatgt"
"DisplayName"="essvcpt"
"DisplayName"="HLPPDOCK"
"DisplayName"="kgcbase"
"DisplayName"="KSU"
"DisplayName"="Notifier"
"DisplayName"="OfotoXMI"
"DisplayName"="OTtBP"
"DisplayName"="OTtBPSDK"
"DisplayName"="SFR"
"DisplayName"="SHASTA"
"DisplayName"="SKIN0001"
"DisplayName"="SKINXSDK"
"DisplayName"="staticcr"
"DisplayName"="Sudoku"
"DisplayName"="Sudoku"
"DisplayName"="TI1620/1520"
"DisplayName"="VPRINTOL"
"DisplayName"="WIRELESS"

I have attached vfixundo.txt

 

DO any of the above that you don't recognise appear in add/remove programs ?

Please download the zip file attached to this post and extract both files to a folder where you will be able to find them

Run the .bat file (NOT the executable) and attach the log it will create in the root of c: This will give me a list of processes and what modules are loaded into each process so I can see what your remaining vundo infection is hooked into.

 

There was no file attached to your post.

 

Oops. Sorry.

Try now.

 

gethookeddlls.txt attched

 

Goto Add/Remove Programs in control panel and uninstall the following:

The installed version of Java on this compter is out-dated.
Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp.
Uninstall all older versions of Java on your computer, before installing the latest version of Java.


Download

- Pocket KillBox

Extract to its own folder somewhere that you will be able to locate later.

IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

Do the above before continuing! Okay unplug your cable now.

Make sure you have rebooted in Normal Mode (do not open any other processes)



Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.



REBOOT to Normal Mode.

Post a fresh HijackThis log, a new shownew log, and a new runkeys log. and rerun your AV scans.