Malware problems please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by parsonslee, Nov 9, 2006.

  1. parsonslee

    parsonslee Private E-2

    I have run through the general malware removal post and have attached the following:

    Counterspy log
    Bit defender log
    2nd Counterspy log

    (was having trouble getting Panda activescan to run without hanging so ran counterspy a 2nd time to see if it helped, had to restart the system a couple of times too)

    also have logs from:

    Panda active scan
    Getrunkey
    Shownew
    Hijackthis

    will attach the next three in next post.

    Lee
     

    Attached Files:

  2. parsonslee

    parsonslee Private E-2

    some more logs:

    panda, runkeys and newfiles
     

    Attached Files:

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download VundoFix.exe to your desktop. Reboot into Safe Mode and then proceed with the below.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
     
  4. parsonslee

    parsonslee Private E-2

    Thank you for your time,

    How stupid am I, I actually worked out that Vundo must be the/a problem, and ran Vundofix before I posted but it didn't find anything, because I missed one tiny thing - run it in safe mode.

    Vundofix text reads as follows:

    Edit by bjgarrick: Inline log attached!

    This seems to suggest it didn't get it, but I ran the scan again and it did not find the files again. I have attached a new hijackthis log, I assume the next target would be opnnlij.dll whatever that may be.

    Lee
     

    Attached Files:

    Last edited by a moderator: Nov 10, 2006
  5. parsonslee

    parsonslee Private E-2

    Ah ha,

    I ran Vundofix again as administrator in safe mode with hidden files visible and got rid of some more stuff, so new log has this extra:

    Edit by bjgarrick: Inline log attached!

    New hijack this log attached, which to the inexpert eye looks fine but could do with expert opinion.

    Lee
     

    Attached Files:

    Last edited by a moderator: Nov 10, 2006
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\System32\autorun.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, REBOOT and proceed with the rest of this fix...

    Next...

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.


    Once you complete this post, reboot once more and attach a fresh HJT log and let me know how things are running.
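
Added example (not part of the original thread or of any tool named in it): a small Python parser for the HijackThis O4 lines listed in post 6, used to confirm that a file queued for deletion in KillBox is the image of a Run entry being fixed, so that neither a dangling autorun value nor an orphaned file is left behind. The function names and the `C:\WINDOWS` value used for `%systemroot%` are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Fix list copied from post 6 of this thread.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
"""

class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    image: str
    args: str

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")

def split_command(cmd):
    """Split a Run value into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path may contain spaces
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)^(.+?\.exe)(?:\s+(.*))?$", cmd)  # unquoted, ends in .exe
    if m:
        return m.group(1), m.group(2) or ""
    image, _, args = cmd.partition(" ")          # no extension, e.g. dumprep
    return image, args.strip()

def parse_run_entries(log):
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(*m.group(1, 2, 3), *split_command(m.group(4))))
    return entries

def normalise(path, systemroot=r"C:\WINDOWS"):  # assumed default location
    # Expand %systemroot% and fold case; Windows paths are case-insensitive.
    return re.sub(r"(?i)%systemroot%", lambda _: systemroot, path).lower()

def entry_for_file(entries, path) -> Optional[RunEntry]:
    """Return the Run entry whose image is `path`, or None."""
    target = normalise(path)
    return next((e for e in entries if normalise(e.image) == target), None)
```

A `None` result means the file is not launched by any Run entry in the fix list, so its load point has to be sought elsewhere in the log.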
     
  7. parsonslee

    parsonslee Private E-2

    OK, have done, new log attached.

    No problems currently other than a wireless connection running far slower than it says it is. But that's a different problem.

    thanks

    Lee :)
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, you must now update your OS.

    Download the following package, please note it's 266 MB and may take about 15 minutes on Cable/DSL.

    Windows XP Service Pack 2

    After download is complete, double click to install.
     
  9. parsonslee

    parsonslee Private E-2

    cheers,

    Lee
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After you install SP2, you need to get the additional updates so you're fully updated. Then be sure you have an up-to-date antivirus, firewall and antispy program.

    All can be found here, How to Protect yourself from malware!.
     
