In Need of Help, Again

Discussion in 'Malware Help (A Specialist Will Reply)' started by rotika, Apr 20, 2007.

  1. rotika

    rotika Private E-2

    I'm regretting letting my friend use my computer. After I told him it was all cleaned, no malware, etc. After all, it's only been a week! :cry I turn it on and find warning messages, and all kinds of junk!!! Here are the logs from Read Me.
     

  2. rotika

    rotika Private E-2

    Here are the rest.
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Change your passwords if your friend has them!
    Delete his user account if he has one on your PC!
    These kinds of friends you don't need!


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  4. rotika

    rotika Private E-2

    Attached is the first Smitfraud log.

    I apologize for not being very informative in my first post, but all I could think was "WTF". No one but myself and my daughter will use this computer anymore. The worst of it is, I was at work when he was on it.
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about the other logs?
     
  6. rotika

    rotika Private E-2

    Here are the other logs.
     

  7. rotika

    rotika Private E-2

    And just one more.
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And what about the answer to my question on how things are working? ;)

    Your logs look clean!
     
  9. rotika

    rotika Private E-2

    Things seem to be ok, no more flashing security warnings!! Pages seem to be loading a little slower. But all else seems fine.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's probably because you have Windows Defender, AVG AntiSpyware, and CounterSpy all installed. If CounterSpy and AVG are the trial versions, uninstall them if you are not going to buy one of them, and keep Windows Defender (but be aware that it is the least effective tool). You must only use one real-time malware blocker for long-term operation. If you buy AVG AntiSpyware or CounterSpy, be sure to uninstall Windows Defender. Yes, we asked you to install some during the cleanup, but that is a temporary process to help clean everything up.
     
  11. rotika

    rotika Private E-2

    Ok, I'll get to uninstalling them in the AM. Anything else I should do now?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Change your passwords so that your "friend" does not have them. Also if you must allow your friend access on this PC, create an account for him but make it a restricted user account which should help somewhat to prevent him from installing more malware programs.
     
  13. rotika

    rotika Private E-2

    Thanks so much!!

    I've removed Counterspy and AVG Antispyware. I did notice 2 programs that I'm not sure of, "Security Messenger" and "IE Secure Plug In", any ideas?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run the below and attach the log:

    Getting Uninstall Programs List From The Registry
     
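An added example (not the forum's tool from the link above) that pulls the same Uninstall-list data from the registry with PowerShell and flags entries whose uninstaller no longer exists on disk, which is exactly the situation a cleanup tool leaves behind when it deletes files but not their registry entries. It assumes a current Windows with PowerShell 5 or later; the orphan check is a heuristic, not a verdict.

```powershell
# Enumerate the Uninstall entries that the "Getting Uninstall Programs List" step reports.
# Assumption: modern Windows, PowerShell 5+; hives may be absent on 32-bit systems.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Pull the executable path out of an UninstallString, handling quoted paths.
function Get-UninstallTarget([string]$s) {
    if ([string]::IsNullOrWhiteSpace($s)) { return $null }
    if ($s -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($s.Trim() -split '\s+')[0]
}

$entries = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $p = Get-ItemProperty -Path $sub.PSPath
        $target = Get-UninstallTarget $p.UninstallString
        # Only test rooted paths; "MsiExec.exe /X{...}" style strings are not orphans.
        $orphan = $target -and [System.IO.Path]::IsPathRooted($target) -and -not (Test-Path $target)
        [PSCustomObject]@{
            DisplayName     = $p.DisplayName
            Publisher       = $p.Publisher
            InstallDate     = $p.InstallDate
            UninstallString = $p.UninstallString
            KeyName         = $sub.PSChildName
            Hive            = $key
            OrphanedTarget  = [bool]$orphan
        }
    }
}

# Full list, sorted, plus a CSV on the desktop to attach to a help thread.
$entries | Sort-Object DisplayName | Format-Table DisplayName, Publisher, OrphanedTarget -AutoSize
$entries | Sort-Object DisplayName |
    Export-Csv -Path (Join-Path $env:USERPROFILE 'Desktop\unkeys.csv') -NoTypeInformation

# Entries worth a second look: no publisher, or an uninstaller that is gone.
"Entries to review:"
$entries | Where-Object { $_.OrphanedTarget -or [string]::IsNullOrEmpty($_.Publisher) } |
    Format-Table DisplayName, UninstallString, KeyName -AutoSize
```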
  15. rotika

    rotika Private E-2

    Attached is Unkeys log.
     

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, they were both related to the infection you had and that SmitFraudFix removed. Apparently it failed to clean up these registry entries.


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Also just double check and make sure the below folder does not exist. If it does then delete it.
    C:\Program Files\Video AX Object
     
  17. rotika

    rotika Private E-2

    Fix me done with success, and I didn't find Video AX anywhere.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, then I assume you are okay now. Like last time the final steps are the same, but make sure you study step 10 in the How to protect link. One key point for your last problem is in the 3rd bullet where it talks about video codecs. Also let me emphasize step 9 of the How to protect link too.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  19. rotika

    rotika Private E-2

    I can't thank you enough!! I am about to start on the passwords for user accounts. I guess I'll set up a separate account for my daughter, so she can still use the PC when I'm not home. And I won't have to worry about anyone else getting into things that they shouldn't!

    Again, thanks so much:D
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Yes, all users should have their own password protected account. Make sure the Guest Account is disabled and make sure the Administrator account (which only shows in safe boot mode) is also password protected.
     
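As an added example (not from the thread or MajorGeeks), this PowerShell audit checks the three points just made: every enabled account requires a password, Guest is disabled, and the built-in Administrator is not left blank. It assumes Windows 10 or later, where the `Microsoft.PowerShell.LocalAccounts` cmdlets exist, and an elevated prompt; it only reports and disables Guest, it does not change anyone's password.

```powershell
# Audit local accounts against the advice in this thread. Run from an elevated prompt.
# Assumption: Windows 10+ / Server 2016+ (Get-LocalUser, Get-LocalGroupMember available).
$users = Get-LocalUser

"Local accounts:"
$users | Sort-Object Name |
    Format-Table Name, Enabled, PasswordRequired, PasswordLastSet, LastLogon -AutoSize

$findings = @()

# 1. Guest should be disabled; disable it if it is on.
$guest = $users | Where-Object { $_.Name -eq 'Guest' }
if ($guest -and $guest.Enabled) {
    Disable-LocalUser -Name 'Guest'
    $findings += 'Guest account was enabled; it has now been disabled.'
}

# 2. Every enabled account, Administrator included, must require a password.
foreach ($u in $users | Where-Object { $_.Enabled -and -not $_.PasswordRequired }) {
    $findings += "Account '$($u.Name)' is enabled but has no password requirement; set a password."
}

# 3. List who holds admin rights, so a 'restricted user' account really is restricted.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
"Members of Administrators: $($admins -join ', ')"
foreach ($u in $users | Where-Object { $_.Enabled }) {
    $isAdmin = $admins | Where-Object { $_ -like "*\$($u.Name)" }
    if ($isAdmin -and $u.Name -ne 'Administrator') {
        $findings += "Account '$($u.Name)' is a local administrator; use a standard account for day-to-day use."
    }
}

if ($findings.Count -eq 0) { "No findings: Guest disabled, all enabled accounts require passwords." }
else { "Findings:"; $findings | ForEach-Object { " - $_" } }
```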
  21. rotika

    rotika Private E-2

    Hi, I know you're thinking "here we go again"; however, as I was running my Ad-Aware this morning, AVG popped up twice with the Zlob.JLW again. I have them in the virus vault. I am really confused about this, as I thought we had everything cleared up. I hope you can shed some light on this.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We did have everything cleaned up! These could be new issues or they could just be minor left over registry entries. I have no idea. If you want feedback, you must attach specifics of who is finding what and where. Logs are always a necessity. ;)
     
  23. rotika

    rotika Private E-2

    I did a file search and found ZlobVideoAccessActiveXObject.zip in the Spybot S&D/recovery folder. It didn't show up when I searched in #16. Could this be left from before? Also, of the Zlob downloader trojans that AVG found, one was from 'analyse.exe\backups' and the other from 'system volume information\_restore'. Should I do the READ & RUN ME again?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of these are problems!

    The first is Spybot's Quarantine.
    The second is HijackThis's Backup/Quarantine.
    The third is in System Restore! Did you toggle System Restore per the directions given in message #18?


    Remember, all scanners typically have a quarantine/vault/backup type folder to store things they remove in case of a mistake in removing something. If you don't empty these quarantines, scanners will pick up the infection even though it is not a problem. That is why step 1 of the READ ME has the below line:
    Once you are sure that you don't need any backups or quarantine items, they can be removed.
     
  25. rotika

    rotika Private E-2

    Sorry, I guess I just panicked when AVG popped up with that. :eek: And yes, I did toggle System Restore as per #18.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! Better safe than sorry! ;)
     
  27. rotika

    rotika Private E-2

    Again, I must say thanks for all the help! I appreciate it very much, as I'm sure others do as well. :cool
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
