malware is not giving up

Discussion in 'Malware Help (A Specialist Will Reply)' started by guggenheim, Jul 25, 2006.

  1. guggenheim

    guggenheim Private E-2

    Hi guys,
    first of all, thanks so much for giving desperate users like me such awesome support and detailed instructions to deal with problems.
    My computer is an IBM Thinkpad, 1.6GH processor, 60G disk.
    I have Symantec as virus scanner, and for a few days it keeps coming up because of trojan malware. I tried spydoctor to remove the malware, but it seems I always got reinfected after reboot, and when I found your forum I did all the 7 steps according to your procedure. It already helped a bit - it seems I'm getting fewer spyware detections, but every time I start a new scanner, it seems to find things. So I'm attaching the bdscan.txt, ActiveScan.txt and hijackthis.log, hoping you guys can tell me more. I'm usually quite careful with my surfing and never really opened a risky attachment, so I really have no idea what to do to get rid of it. ANY help from your side would be great!!!!! :)
    Thanks so much,
    Jan
     

    Attached Files:

    Last edited: Jul 25, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  3. guggenheim

    guggenheim Private E-2

    Hi Shadow_Puter_Dude,
    thanks so much for looking into this.
    I did all the steps and had no problem (besides that the computer didn't want to shut down from safe mode; it takes very long in normal mode too, but this time I had to interrupt the power supply. I guess that's another problem that doesn't have to do with malware).
    I just ran the new log and attached it. Thanks again!!!
    Jan
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean.

    How is your computer running?
     
  5. guggenheim

    guggenheim Private E-2

    Perfect! Since I followed your last steps, it's all set to normal, is responsive and none of the scanners bring malware up anymore. I also figured out the problem with the slow shutdown according to http://windowsxp.mvps.org/slowshutdown.htm
    and it turned out to be the pagefile problem. Feels like a new computer!
    Shadow_Puter_Dude, thanks so much for your help. This is so awesome! I was quite worried I had to reinstall all software on my machine again, I just want to let you know how thankful I am. All best to you!
    Jan
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  7. guggenheim

    guggenheim Private E-2

    I'll do so and thanks again so much! Have a great summer weekend!
    Jan
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You're welcome.
     
