HJT Log

Discussion in 'Malware Help (A Specialist Will Reply)' started by benodictine, Jul 19, 2006.

  1. benodictine

    benodictine Private E-2

    I have completed the steps indicated in the cleaning procedure found at this link:

    http://forums.majorgeeks.com/showthread.php?t=35407

    I've attached the 3 logs requested in the link above:

    activescan.txt
    bdscan.txt
    hijackthis.log

    I took notes as I followed the steps above, documenting everything I did, so if you'd like to see those just ask. I hope someone can help me; I'd really appreciate it.

    Thanks
     


  2. benodictine

    benodictine Private E-2

    I forgot to add the computer's specs.

    Dell Dimension 3000
    XP Home SP2 (build 2600)
    2.40 GHz Intel Pentium 4
    40Gb HD
    256MB RAM

    If you need any more info, just ask.

    Thanks
     
  3. benodictine

    benodictine Private E-2

    Please help. Is anybody out there? Pleeeeeeeease help. Please please please please please.
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  5. benodictine

    benodictine Private E-2

    Thanks so much for the reply/help Shadow_Puter_Dude.

    Of all the files and folders that were asked to be deleted only the %System32%\cfgmngr32.dll was found. I renamed it to .ddd and deleted it at the appropriate time.

    When I ran smitRem it found trust cleaner but was unable to locate the files to delete/uninstall it.

    %System32%\autodisc32.dll was not found but %System32%\autodisc.dll was. Is that file bad too?

    During all this before, after, and during I never saw anything relating to Spyware Quake.

    I've attached the smitfiles.txt and new hijackthis.log files.

    I hope this is the info you need. Thanks so much for your time, I really appreciate it.
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Quick question: do you now have, or have you ever had, ClamAV installed?
     
  7. benodictine

    benodictine Private E-2

    As far as I know I do not now and never have had ClamAV installed.

    As I mentioned in my first post, I took notes/documented what I did/happened as I followed the steps. The following is probably worth noting:

    Step 5: Cleaning Malware

    • I booted into safe mode and physically unplugged the NIC cable.

    • I ran ccleaner in all user accounts.

    • I ran all the programs I was instructed to. Windows Defender worked in safe mode but did not work in normal mode. In normal mode I get the following error messages at startup; at least one of them relates to Windows Defender:

    I click OK and then I get this message:

    After that I receive the following message:

    I sent the error report.

    Then the C:\WINDOWS directory opens up. I just close it and nothing else happens.

    • In Normal mode I ran CounterSpy, seeing as Windows Defender didn't work. It started but eventually froze up, so I was able to complete the scan.

    I hope this helps you help me. Thanks again.
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Move HijackThis to C:\Program Files\HJT. Rename hijackthis.exe to analyse.exe. Do this now, before proceeding.

    Windows Messenger is running in the background on this computer, and represents a security risk. Disable Windows Messenger by running Shoot The Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Download
    - Pocket Killbox

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the filenames below into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message, just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running WinPfind by OldTimer.

    Post WinPFind.txt and fresh HijackThis log.
     
  9. benodictine

    benodictine Private E-2

    Everything seemed to work except WinPfind. Every time I ran it, it just disappeared after 2 to 3 mins. Once it froze on me; I went to Task Manager and it was not responding.

    I never saw a message in the title bar saying 'Not responding', only in the Task Manager.

    Whether it froze or just shut down, the hard drive light wasn't flashing afterward.

    I did however run hijackthis and attached the log.

    Thanks a million.
     


  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You did not rename hijackthis.exe to analyse.exe as requested; it is critical that you do so.

    Follow the directions for Using GetRunKey and Using ShowNew.

    Post runkeys.txt, newfiles.txt, and a fresh HijackThis log from the renamed hijackthis.exe.
     
  11. benodictine

    benodictine Private E-2

    Shadow_Puter_Dude, I can't thank you enough for all your help. This was my friend's PC and he couldn't wait any longer and took it back. So thanks again, I really appreciated it.

    Till next time,
    benodictine
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You're welcome.

    Sorry your friend couldn't wait; the computer wasn't clean.
     
