Newbie -- Check over my HJT Log Please?

Discussion in 'Malware Help (A Specialist Will Reply)' started by wjl144, Apr 7, 2008.

  1. wjl144

    wjl144 Private E-2

    Just followed abri's awesome directions to guide me through the process of making my PC safe from the win32.skynet worm. I have just completed an Analyse This scan and here is the log. Do I need to make any additional changes?
     
    Last edited by a moderator: Apr 7, 2008
  2. abri

    abri MajorGeek

    Hi wjl144,
    Welcome to Major Geeks!


    Which directions are you referring to in your comment below?

    I removed your inline HijackThis log, but I have taken a look at it and I'll attach it here with my post. Your computer is still infected and to complete the cleaning process, you need to work through the instructions in the READ & RUN ME FIRST and attach the logs that are requested. HijackThis is an excellent tool, but for most of the infections we see, it's not possible to locate all the files that need to be removed just using this one tool. Let me know if you have any questions as you go along.

    abri
     

    Attached Files:

  3. wjl144

    wjl144 Private E-2

    Thanks for the reply!

    Here is the link I was referring to:
    http://forums.majorgeeks.com/showthread.php?t=146024

    I have gone through the instructions and am pretty sure I did them all correctly. I'm new to all this stuff and have never had to go into such an in-depth removal process for a virus. Here is the MGlog zip file and updated HiJackThis! log. I'm trying to locate the CounterSpy one now. I do notice TeaTimer is showing up, but I know I unchecked a TeaTimer option along the way of installing Spybot! :(

    Regardless, just hoping that anything harmful has been wiped out. This sure was time consuming so hopefully it paid off!
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi wjl144,

    Thank you for your kind words. Most of the procedures along with the MGTools have been developed by Chaslang and any credit for their success must go to him. He works tirelessly and has found ways to help many, many people recover their computer functionality from the worst possible states.

    And now, please do the following:

    1) I would like to see the counterspy log if you have one. If you are not sure how to get this, it should be possible this way: (if it didn't find anything, just tell me)
    2) Please disable your guest account if this has not already been done.

    3) Next I would like for you to disable Spybot's TeaTimer. This can be done two ways.
    First:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    or Second, for either version:
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    4) Go to add/remove programs and uninstall the below:

    - Java 2 Runtime Environment, SE v1.4.2_03

    5) Reboot after uninstalling the above.

    6) Install the current version of Sun Java from: Sun Java Runtime Environment


    7) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    8) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O21 - SSODL: WinAlrt - {f0099351-26fb-4ec6-9348-a987bde037ee} - (no file)

    After you click fix, just close hijackthis.


    9) Now run CCleaner at the default setting with the Windows tab as the top one.

    10) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


    Let me know how things are running now?

    abri
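
An added example, not part of the original thread or of MGtools: a small parser for the O4 (Run-key autostart) and O21 (SSODL) line formats quoted in step 8, which turns each line into a record and lists the entries that HijackThis shows with "(no file)" or whose target sits under a program directory being uninstalled. The function names are hypothetical, and the sample input and the Java directory are taken from the lines quoted in the post.

```python
import re

# Constructed input: the four HijackThis lines quoted in the post above.
SAMPLE = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O21 - SSODL: WinAlrt - {f0099351-26fb-4ec6-9348-a987bde037ee} - (no file)
'''

# O4 = Run-key autostarts; O21 = ShellServiceObjectDelayLoad (SSODL) entries.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O21_RE = re.compile(r'^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$')


def split_command(cmd):
    """Split a Run-key command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths containing spaces are ambiguous, so keep the whole string.
    return cmd, ''


def parse_line(line):
    """Return a dict for an O4 or O21 line, or None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        exe, args = split_command(m['cmd'])
        return {'section': 'O4', 'name': m['name'], 'target': exe,
                'args': args, 'no_file': False}
    m = O21_RE.match(line)
    if m:
        return {'section': 'O21', 'name': m['name'], 'clsid': m['clsid'].lower(),
                'target': m['file'], 'no_file': m['file'] == '(no file)'}
    return None


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def stale_entries(entries, removed_dir):
    """Names of entries with no backing file or a target under removed_dir."""
    prefix = removed_dir.lower().rstrip('\\') + '\\'
    return [e['name'] for e in entries
            if e['no_file'] or e['target'].lower().startswith(prefix)]
```

Calling `stale_entries(parse_log(SAMPLE), r'C:\Program Files\Java\j2re1.4.2_03')` returns the two entries that would be left pointing at nothing once the old Java runtime is uninstalled.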
     
