Hijack this log, need help on what to remove.

Discussion in 'Malware Help (A Specialist Will Reply)' started by wsloan311, Jan 25, 2007.

  1. wsloan311

    wsloan311 Private E-2

    Sorry, did the registry patch.
    Deleted that file with KillBox.
    I downloaded AVG and Outpost. Gonna run those.
    Attached new GetRunKey file.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps given below. This time, do not skip any of them like you did last time. Complete each step since you do still have many of these temporary items lying around.
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  3. wsloan311

    wsloan311 Private E-2

    I've gotten a blue screen this morning saying Windows has a problem.
    It's giving me technical information:
    stop: 0x0000008e (0xc0000005, 0xee6780e, 0xed504a20, 0x00000000)
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BSODs could be malware related but more frequently they are not. You may have to post this in the Software Forum, but first let me ask some questions.
    • Exactly when did it occur?
    • Does it happen all the time?
    • Does it happen in safe mode?
    • Doesn't the message have more info than that? Post all of the message.
     
  5. wsloan311

    wsloan311 Private E-2

    Happened last night, so turned it off. Started this morning and did it again. All in normal mode, not safe mode.
    I'll try to get more info from the message, but that's the main part of it. Says some stuff about BIOS. I'll check and get back.
     
  6. wsloan311

    wsloan311 Private E-2

    Blue Screen message:
    If this is the first time you've seen this stop error screen,
    restart your computer. If this screen appears again, follow these steps:
    Check to be sure you have adequate disk space.
    If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.
    Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, and then select safe mode.
    Technical information:
    ***stop: 0x0000008e (0xc0000005, 0xee6780e, 0xed504a20, 0x00000000)
    beginning dump of physical memory
    dumping physical memory to disk
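The STOP line quoted above carries a bug check code and four parameters whose meaning depends on that code. The decoder below is an added example, not code from the thread or from any tool it mentions; it reads the line exactly as the poster transcribed it (the second parameter has only seven hex digits as written, and the parser accepts it as-is). The bug check names (KERNEL_MODE_EXCEPTION_NOT_HANDLED for 0x8E, PAGE_FAULT_IN_NONPAGED_AREA for 0x50, the two codes named in this thread), the NTSTATUS exception names, and the per-code parameter layouts are the standard Windows ones; the 0x50 sample line in the test is constructed.

```python
import re
from typing import Optional

# Standard Windows bug check names for the two stop codes named in this thread.
BUGCHECK_NAMES = {
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
}

# NTSTATUS exception codes commonly seen as parameter 1 of a 0x8E stop.
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
}

# Matches "stop: 0x0000008e (0xc0000005, 0xee6780e, ...)" regardless of case
# or the leading asterisks that appear in the quoted blue-screen text.
STOP_RE = re.compile(r"stop:\s*(0x[0-9a-f]+)\s*\(\s*([^)]*)\)", re.IGNORECASE)


def parse_stop_line(line: str) -> Optional[dict]:
    """Extract the bug check code and its parameters from one STOP line.

    Returns None when the text carries no STOP code at all.
    """
    m = STOP_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",") if p.strip()]
    info = {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "UNKNOWN_BUGCHECK"),
        "params": params,
    }
    if code == 0x8E and len(params) >= 3:
        # Documented 0x8E layout: exception code, address where it was raised,
        # trap frame address; parameter 4 is reserved.
        info["exception"] = EXCEPTION_NAMES.get(params[0], "UNKNOWN_EXCEPTION")
        info["fault_address"] = params[1]
        info["trap_frame"] = params[2]
    elif code == 0x50 and len(params) >= 3:
        # Documented 0x50 layout: referenced address, 0 = read / 1 = write,
        # address of the instruction that made the reference.
        info["referenced_address"] = params[0]
        info["access"] = {0: "read", 1: "write"}.get(params[1], "unknown")
        info["instruction_address"] = params[2]
    return info


def describe(info: dict) -> str:
    """Render a parsed STOP record as a single triage line."""
    parts = [f"{info['name']} (0x{info['code']:08X})"]
    if "exception" in info:
        parts.append(
            f"{info['exception']} at 0x{info['fault_address']:08X}, "
            f"trap frame 0x{info['trap_frame']:08X}"
        )
    elif "referenced_address" in info:
        parts.append(
            f"{info['access']} of 0x{info['referenced_address']:08X} "
            f"by instruction at 0x{info['instruction_address']:08X}"
        )
    return "; ".join(parts)


# The STOP line quoted in the post above, exactly as transcribed there.
SAMPLE = "***stop: 0x0000008e (0xc0000005, 0xee6780e, 0xed504a20, 0x00000000)"

if __name__ == "__main__":
    print(describe(parse_stop_line(SAMPLE)))
```

For this thread's line the decoder reports an unhandled STATUS_ACCESS_VIOLATION raised in kernel mode, which is why the replies that follow look at drivers, memory and a possible rootkit rather than at the user's own programs; the parameters alone do not say which of those it is.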
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still need to know exactly when this is occurring!
    Is it at boot up?
    Is it after running for a while?
    Is it at shutdown?
    Can you boot up and get your system running at all?
    I still need to know about safe mode operation.

    If you cannot boot at all, it will be difficult to try and do anything other than a repair install or a rebuild.

    The Haxdoor virus has been known to cause a problem where these error messages may appear. But there are many other reasons why this could occur that have nothing to do with malware. See the below for more info on the Haxdoor related problems and a possible solution from Microsoft:

    The HaxDoor virus may cause a "STOP 0x00000050" or "STOP 0x0000008e" error message
     
  8. wsloan311

    wsloan311 Private E-2

    It occurs about a minute after logging onto Windows after start up.
    Doesn't happen in safe mode, I can boot up in safe mode fine.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does it happen every time? If so, that would mean you cannot do anything in normal boot mode. Is this correct?
    Does it happen if you log in to a different user account?

    Do the below (in any boot mode you can do it in).

    Click Start, Run, and enter cmd and click OK. This will open a command prompt window. In the command prompt window enter sfc /scannow and hit the enter key to execute the command. This may ask you for your Windows CD if any system files are found to be missing or corrupt so be sure to have your CD available.

    Now please download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of the BlackLight log.



    Also if still having problems, I recommend you use the below to perform a memory test.

    Download and run this: Memtest86+


    More questions!
    • In message # 51 time frame this problem was not occurring. Is that correct?
    • Exactly what was changed on the system afterwards?
    • Did you do all of the steps in message # 52?
    • Did you toggle system restore?
    • Did your system work okay after doing message # 52?
     
    Last edited: Feb 7, 2007
  10. wsloan311

    wsloan311 Private E-2

    Happens nearly every time. Yesterday happened about 5 times, then worked fine rest of day. This morning happened about 10 times, now is working ok.
    So I'm in normal mode now and it hasn't shut down yet. When it happens, it will happen within 1 or 2 minutes of starting.
    Haven't tried a different user account yet, I'll try that.
    Did the scannow and the Blacklight Beta.
    Right, was not occurring in message 51 time frame.
    The change on the system? There wasn't a change on the system that I know of.
    Yes, did all of the steps in message 52, toggled system restore too.
    After message 52, the next morning is when I got the blue screen.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, no Rustock.b rootkit showed, which is good.

    Did sfc find any problems?

    Please respond about other user accounts!

    Also run the memory test.

    Also please download the current version of GetRunKey from the READ & RUN ME and then attach new logs from
    • GetRunKey
    • ShowNew
    • HJT
     
  12. wsloan311

    wsloan311 Private E-2

    When I try to run the memtest, it always opens up my CD writer program with it. Is that what it's supposed to do?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because the download package is a bootable .iso file. This is used to create a bootable CD from which you run the memory test. Floppy versions are available at the author's site. That is, if you have a floppy disk.
     
  14. wsloan311

    wsloan311 Private E-2

    SFC didn't find anything.
    All my user accounts seem to be ok now. Haven't had blue screen all weekend.
    Attached 3 files.
    I have a blank CD, how do I get the memory test to run now? Sorry, can't figure out what to do.
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If other user accounts work fine then you do not have memory problems to worry about. Sounds more like your user account is corrupted.

    It could be a form of registry corruption.

    It could also be that things that load on your user account, do not load when booting on the other user accounts and thus you could have a software conflict.

    Either way you are not having malware problems and I suggest you discuss this in the Software Forum which would be more appropriate.
     
