HJT Log Attached. Help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by soonercntry, Nov 11, 2006.

  1. soonercntry

    soonercntry Private E-2

    Alright people. I'm not nearly as computer-literate as I once was. A lot has changed in the last 7 or 8 years (last time I considered myself literate).

    I am attaching my HJT Log. Any help at all would be GREATLY appreciated.

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!
     
    Last edited by a moderator: Nov 11, 2006
  2. soonercntry

    soonercntry Private E-2

    Oh yeah. To show you that I have tried to get rid of a bunch of crap... This log printed off 6 pages of crap earlier today. Now it's down to 3.

    I am also having fits with XP telling me that I may not have a valid version of XP Pro. How do I get around this?
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  4. soonercntry

    soonercntry Private E-2

    I am attaching the following logs to this post:
    CounterSpy
    BitDefender
    PandaActiveScan.


    *****Note*****
    PandaActiveScan kept freezing up in Safe Mode. Once it completed the scan it would lock up and show as "not responding". However, it was showing 33 spyware items found.

    So, I ran the scan again once I booted up in reg mode. It only found 3 then. That's why my logfile for Active Scan only shows 3 files.
     

    Attached Files:

  5. soonercntry

    soonercntry Private E-2

    Attached:

    GetRunKey Report
    ShowNew Report
    HJT Log (Updated)
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please relocate HJT to a safer location such as C:\Program Files\HJT. Also, rename Hijack This.exe to something like "analyzethis.exe". Afterwards attach a fresh HJT log from the new location.

     
  7. soonercntry

    soonercntry Private E-2

    Done. I'm not sure what I did wrong, but I'll do anything at this point. :D
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks good, what problems are you currently having?
     
  9. soonercntry

    soonercntry Private E-2

    When I run an Avast scan at start-up, two things that it doesn't like are always found.

    - win32:Adware-gen. [Adw]
    - win32:CTX

    Also, anytime we close out internet explorer, we get an error message:

    Yahoo! Browser has encountered a problem and needs to close. We are sorry for the inconvenience.

    ***This happens after it has already closed out and is no longer showing in my application tab***

    I just had some things happening that were weird. It could be due to the fact that my version of XP is not on the up and up (according to the star near the clock on my desktop). I can't update IE because of this.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Can you provide more information on these detections? Is it files? Registry Entries?

    I think you're talking about the WGA notifications, meaning your copy of Windows is not genuine. This is a security risk as you can't update; I would try to address this.
     
  11. soonercntry

    soonercntry Private E-2

    The WGA notification is currently a pain in my butt. I'm working on it.

    The files that Avast is prompting me about are as follows:

    File C:\System Volume Informatio_restore{BC45ACE8E-48EF-4180-A24A-2CB525C2625D}\RP331\A0023786.DLL is infected by win32:Adware-gen. [Adw]

    &

    File C:\WINDOWS\system32\Activescan\pskavs.dll is infected by Win32:CTX
    ***This one might be a false positive?***
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    This is showing there is an infected file in one of your system restore points. Follow the below instructions and it will take care of this.

    This is most likely a false positive, not a threat; however, if you want to, we can remove the file.

    I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
     
