Malware difficulty

Discussion in 'Malware Help (A Specialist Will Reply)' started by Limishea, Jan 14, 2007.

  1. Limishea

    Limishea Private E-2

    To whom it concerns.

    First of all, exceptionally clear and helpful site. Good job!

Fingers crossed at this end for some useful advice. I've encountered some problems with spyware, extra IE windows popping up at random times, and I'm continuously finding new flagged items with spyware removers. I decided to conduct a thorough clean on the house laptop (non-isolated use, but only 1 account).

I read through the Read and Run Me First post, and completed the tasks (as long as it took!). Logs attached below. Everything appeared clear apart from the Panda AS with 5 spyware hits.

    Counterspy scan not included, it was blank (and assumedly a default output for a clean sweep).

Everything else required is included, with order of scans and HJT instructions followed.

Any advice from here on would be greatly appreciated. Even just an idea of how clean (or not) the laptop is at the mo.

    Kind regards,
    Limishea
     

    Attached Files:

  2. Limishea

    Limishea Private E-2

    other logs attached,

    Limishea
     

    Attached Files:

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Install the current version of Adobe Acrobat Reader from: Adobe Acrobat Reader Download

    Install Java Runtime Environment (JRE) 6 available from Sun Microsystems.

You are using MsConfig to prevent items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using MsConfig. Enable everything you used MsConfig to disable. If you are receiving error messages, related to these items, at system start; we can fix this without using MsConfig.

Windows Messenger is running in the background on this computer, and represents a security risk. Remove Windows Messenger by running Uninstall Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    REBOOT to Normal Mode.

    Post the following logs:
    1. ShowNew
    2. GetRunKey
    3. HijackThis
     
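The helper's procedure above merges a FixReg.reg file into the registry and then has Killbox delete files on reboot. Before merging a .reg file obtained from anyone, it is worth previewing exactly which keys it deletes and which autostart values it adds or removes. The following is an added example, not a file or tool from this thread: a small parser for regedit export files that lists the actions a .reg file will perform and flags the ones that touch Run/RunOnce keys. The FixReg.reg content embedded in it is constructed for illustration; its key and value names are placeholders, not the contents of the file the helper provided.

```python
"""Preview what a .reg file will change before merging it (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in regedit export format; names are placeholders.
SAMPLE_REG = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"ExampleStartup"=-

[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{PLACEHOLDER-CLSID}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ExampleAgent"="C:\\\\Program Files\\\\Example\\\\agent.exe"
"ExampleFlag"=dword:00000001
"""

# Autostart locations a fix file most often touches (assumed list, extend as needed).
AUTOSTART_KEYS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
)

# "name"=data  or  @=data (the key's default value)
VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


@dataclass
class RegAction:
    kind: str          # create_key, delete_key, set_value or delete_value
    key: str
    name: str = ""
    data: object = None


def decode_data(raw: str):
    """Decode quoted strings and dword values; leave hex(...) binary data raw."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # regedit escapes backslash and double quote with a backslash
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def parse_reg(text: str):
    """Turn a .reg file into the ordered list of registry actions it performs."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith(("Windows Registry Editor", "REGEDIT4")):
        raise ValueError("not a .reg file: header missing")
    actions, current = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            if not line.endswith("]"):
                raise ValueError(f"malformed key line: {line}")
            key = line[1:-1]
            if key.startswith("-"):              # [-KEY] deletes the whole key
                actions.append(RegAction("delete_key", key[1:]))
                current = None
            else:
                current = key
                actions.append(RegAction("create_key", key))
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            raise ValueError(f"unexpected line: {line}")
        name = "(Default)" if m.group(2) else m.group(1)
        data = m.group(3)
        if data == "-":                          # "name"=- deletes the value
            actions.append(RegAction("delete_value", current, name))
        else:
            actions.append(RegAction("set_value", current, name, decode_data(data)))
    return actions


def autostart_changes(actions):
    """Actions that add, change or remove entries under Run/RunOnce keys."""
    return [a for a in actions
            if a.kind != "create_key" and a.key.endswith(AUTOSTART_KEYS)]


def deleted_keys(actions):
    return [a.key for a in actions if a.kind == "delete_key"]


if __name__ == "__main__":
    for a in parse_reg(SAMPLE_REG):
        print(f"{a.kind:13} {a.key}  {a.name}  {'' if a.data is None else a.data}")
```

Run it against the real file with `parse_reg(open("FixReg.reg", encoding="utf-16").read())` (regedit 5.00 exports are UTF-16; older REGEDIT4 files are ANSI). Hex-encoded binary values and line continuations are left as written rather than decoded, which is enough to see which keys and autostart values the file will change.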
  4. Limishea

    Limishea Private E-2

    Hi there,

I'm flabbergasted by the speed and detail of the reply. Many thanks. I've followed all instructions and attached the appropriate logs.

I've not had the additional advert windows opening in IE for a couple of mins, but that's not to say I won't.

    Also, no problems with killbox. Reboot was successful.

With regard to MsConfig... I'd been informed by friends who I'd trust to be in the know that it can be acceptable to only allow choice programs to run on start-up. I have noticed a long boot time with programs trying to run when I log into Windows. Is it just plain better to run everything??

    Thanks again for info,
    Limishea
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

MsConfig is a diagnostic tool, whose sole purpose is to troubleshoot startup processes and services. It was never intended to be used the way your friends told you to use it. It's one of those Microsoft Urban Myths that those who think they are in the "Know" take as gospel when it is pure bunk. MsConfig should never be used to permanently disable anything; enable everything you have disabled. Unless someone here asks you to disable something with MsConfig, which is rare, don't use it.

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post the following logs:
    1. ShowNew
    2. GetRunKey
    3. HijackThis
     
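Killbox's "Delete on Reboot" works by queueing the file in the PendingFileRenameOperations registry value, which Windows processes at the next boot; that is why the helper asks to be told if a PendingFileRenameOperations prompt appears, since it means an operation was already queued. The following is an added example, not a tool from this thread: it decodes that REG_MULTI_SZ value into the delete, rename and replace operations it will run, so a pending queue can be inspected before rebooting, and flags operations that touch the Windows directory. The entries embedded in it are constructed placeholders, and the system-directory prefix is an assumption for the check.

```python
"""Decode PendingFileRenameOperations into the file operations run at next boot
(added example)."""

# Constructed sample: the strings a registry read of
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
# returns. The value is pairs of (source, destination); an empty destination
# means delete, a leading "!" means replace an existing destination file.
SAMPLE_ENTRIES = [
    "\\??\\C:\\Documents and Settings\\User\\Local Settings\\Temp\\example.tmp", "",
    "\\??\\C:\\WINDOWS\\system32\\example.dll.new", "!\\??\\C:\\WINDOWS\\system32\\example.dll",
    "",  # trailing empty string left over from the MULTI_SZ double terminator
]


def strip_nt_prefix(path: str) -> str:
    """Drop the NT object-manager prefix (\\??\\) that the value stores paths with."""
    return path[4:] if path.startswith("\\??\\") else path


def decode_pending(entries):
    """Return a list of (operation, source, destination) tuples."""
    items = list(entries)
    while items and items[-1] == "":          # discard terminator padding
        items.pop()
    if len(items) % 2:                        # last entry was a delete whose "" was trimmed
        items.append("")
    ops = []
    for src, dst in zip(items[::2], items[1::2]):
        src = strip_nt_prefix(src)
        if dst == "":
            ops.append(("delete", src, None))
        elif dst.startswith("!"):
            ops.append(("replace", src, strip_nt_prefix(dst[1:])))
        else:
            ops.append(("rename", src, strip_nt_prefix(dst)))
    return ops


def queue_delete(entries, path: str):
    """Return a new MULTI_SZ list with a delete-on-reboot for `path` appended,
    the same shape a delete-on-reboot tool writes."""
    items = list(entries)
    while items and items[-1] == "":
        items.pop()
    if len(items) % 2:
        items.append("")
    return items + ["\\??\\" + path, ""]


def system_dir_ops(ops, system_dir="C:\\WINDOWS\\"):
    """Operations whose source or destination lies under the Windows directory
    (assumed default location); these deserve a second look before rebooting."""
    prefix = system_dir.lower()
    return [op for op in ops
            if any(p is not None and p.lower().startswith(prefix) for p in op[1:])]


if __name__ == "__main__":
    for op in decode_pending(SAMPLE_ENTRIES):
        print(op)
```

On a live XP system the entries come from reading the value with `winreg.QueryValueEx` (returns the list of strings for REG_MULTI_SZ); the decoder itself needs no Windows access, so a value pasted from a log can be checked on any machine.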
  6. Limishea

    Limishea Private E-2

    files attached
     
  7. Limishea

    Limishea Private E-2

?? Am getting some errors when trying to upload attachments. Says 'attachment in progress' but doesn't seem to get further than that.

    Limishea
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Try attaching your logs now.
     
  9. Limishea

    Limishea Private E-2

    logs from a cpl days ago.

    Limishea
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I need logs from today not a couple of days ago.

You still have items disabled via MsConfig. MsConfig is not a startup manager; it is a diagnostic tool, period. Enable everything that is disabled, reboot, and post logs from today.
     
  11. Limishea

    Limishea Private E-2

    Hi. thanks for the reply. Included logs just taken now.

I run msconfig and see nothing unticked. I do see some selection listed as 'stopped', but they are still ticked to be enabled. It was my understanding that enabling everything would, well, enable everything.

    Am I missing something here? Normal startup selected, everything in startup ticked? What else can be done?

    Regards,
    Limishea
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs look pretty good. What problems, if any, are you still having?
     
