Please Help cleanup hasn't worked

Discussion in 'Malware Help (A Specialist Will Reply)' started by radstar, Nov 2, 2006.

  1. radstar

    radstar Private E-2

    Hi, I know you have heard this thousands of times but the cleanup doesn't seem to have worked and I am not sure why. I followed the procedure for running safe mode and smitrem, have used adaware, cc clean, hs remover and spbot at least a hundred times but still don't have a clue as to why I still have issues. Plus there is an annoying e explorer shortcut I cannot remove from my desktop toolbar. I will attach the smitrem file and hope for an answer.

    Thanks

    Oh no, there is no smitrem.txt file. I'll try again, but does anyone know why the smitrem file didn't create the txt file?
     
  2. radstar

    radstar Private E-2

    Sorry, I tried again with the smitrem procedure but still no smitrem.txt file. It ran and returned my background to blue and all that, just no txt file?
    And I forgot to post my system specs, here goes.
    AMD 2600xp oc'd to 3200 specs
    1gig ram pc3200 I think
    80gig hd
    gigabyte mo board 7nkl I think from memory
    aopen dvd drive has a cd drive but not connected as I could be bothered working out how to get the 2 drives to work and only need one.
    oh and nvidia fx 7500 graphics.
    Sorry to be a pain, can I post any details manually of the files that smitrem would show?
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  4. radstar

    radstar Private E-2

    spywarequake/falcon removal and twain32

    Hi, thanks for the reply mr garrick. I did as you said and have so far completed the special removal procedure for spq/sf. In doing this I found a file called twain_32.dll and twain.dll, are these to be deleted as well?
    In running the fixquake.reg I encountered an error "cannot import: error opening file. disk or file error". Then when running the smitrem another error "cannot import smitfrau.reg error accessing registry" and there is no smitrem.txt file again. I did download a new version of both files and this is what happened.
    I will continue on with the rest of the procedures.
    I also deleted 2 msvp.dll files from my desktop that were there for some reason but I should have taken the details for these programs before I deleted them.

    Thanks Again
     
  5. radstar

    radstar Private E-2

    runkeys counterspy etc. logs

    Hi, I ran all the programs that I could in the readme sticky. Biggest problem I had was since I have an old copy of win 2k with no idea where my authorisation/verification numbers are (silly I know). So I couldn't run bitdefender and panda active scan. Counterspy did find 3 programs that I have deleted.
    My internet explorer is not working and I cannot download version 7.
    If this keeps up I'll go out and get win XP and be done with it, clear my hard drive and start again.
    Hopefully I can attach the run files anyway, here goes. I'll add counterspy next post.
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    radstar,

    I have merged your threads together so please post in here from now on. Please attach a current HJT log.
     
  7. radstar

    radstar Private E-2

    If I run hijack this it won't delete anything, will it? I read the instructions and it seems that if I make a mistake I could be in trouble, is this correct? If so I will need to save a few things to some DVDs before I can risk losing any of my operating systems or files.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Running HJT will not affect anything or delete anything. Simply run the utility and choose "Do a system scan and save a logfile". Locate this file and upload it to your next post.

    Be sure before running the scan you rename Hijack This to something like "analyze" and also relocate it to C:\Program Files\HJT.
     
  9. radstar

    radstar Private E-2

    All right, I finally managed to run the hijack this program. Still haven't got a dvd disk to save my stuff to but that's another story. Had an interesting popup from counterspy, it said IE is attempting to change from www. microsoft etc then isapi/redir.dll?prd=ie&ar=ie search to
    and the other program is msvcp71.dll is what I removed and I keep getting an error saying it's trying to find msvcp but can't.
    Anyway, here is my hjt log. Thanks for your patience, you guys rock.
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    Once you complete this post, reboot and let me know how things are running.
     
  11. radstar

    radstar Private E-2

    Ok, I deleted or fixed what you recommended, however IE still tries to open hsremove and I did the resetting of IE as you said to. I have a problem with mozilla too, when I try to login to hotmail it keeps saying server not found but after about 20 attempts I can finally get in.
    I am thinking of backing up my stuff and deleting the hard drive and installing Windows XP, or should I go for linux instead?
    Thanks for your help much appreciated.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you format, everything we have done will be worthless and time wasted. If you wish to proceed, attach a fresh HJT log.

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file iefix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

    Double-click on the iefix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!
     
  13. radstar

    radstar Private E-2

    Thanks, I will give this a go. I cannot access the internet at all except from work so this is getting worse not better. Once I can access the internet I will post a new HJT file.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The internet was working, correct? What happened?
     
  15. radstar

    radstar Private E-2

    Hi, yeah, internet access has become intermittent at best. I can't use IE as I said before but now Mozilla has a problem where it gives me an error "cannot access server check url and try again" or something like that and I have to close and reboot or try again and again until it finally works. In fact this happened after I ran hijack this and did the delete you asked me. Not saying that this is because of what you have instructed me to do, I think it's because the programs or whatever are doing different things to stay on my pc and give me hell.
    I have been able to access tonight so I don't know what that means but I will do the rest of the clean you have said to do,
    and another cc clean, hjt post etc.
    Should I get rid of the hsremove program? I got this originally from this web site as part of the first clean I did some months ago?
     
  16. radstar

    radstar Private E-2

    Ok, did as you said but it didn't like me saving the iefix.reg, but I insisted and if it worked I can't tell. I did another hjt scan and have attached it. Thanks for your patience, you have more than me.
     

    Attached Files:

  17. radstar

    radstar Private E-2

    One more thing, IE keeps looking for the IP address 10.16.17.201, what is that? Does it mean anything in particular?
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.16.17.201:9877

    O4 - Global Startup: Attack Shield.lnk = C:\Documents and Settings\Deepthaught\Desktop\AttackShield.exe
    (Keep this if you're familiar with it)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{685BF3B3-55EC-4B16-AB98-83B1F1CEAEFC}: NameServer = 61.88.88.88
    (Keep this if you're familiar with it)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
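
An added example, not part of the thread or of any MajorGeeks tool: a short Python parser for HijackThis lines like those listed in the post above, which pulls out the settings that redirect traffic (start page, proxy server, name server) and reports which of them are still present in a later scan. `SCAN_FIXED` copies the entries from the post; `SCAN_NEXT` and the function names are constructed for illustration.

```python
import re

# HijackThis log lines look like "<section> - <location> = <value>".
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+?) = (.+)$")

# Settings that decide where the browser or resolver sends traffic.
REDIRECT_SETTINGS = ("Start Page", "ProxyServer", "NameServer")

def parse_redirects(log_text):
    """Map (section, location) -> value for redirect-capable entries."""
    found = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group(2).endswith(REDIRECT_SETTINGS):
            found[(m.group(1), m.group(2))] = m.group(3)
    return found

def persisted(fixed_scan, next_scan):
    """Entries selected for fixing that show up unchanged in the next scan."""
    before, after = parse_redirects(fixed_scan), parse_redirects(next_scan)
    return sorted(k for k, v in before.items() if after.get(k) == v)

# Entries quoted in the post above.
SCAN_FIXED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.16.17.201:9877
O4 - Global Startup: Attack Shield.lnk = C:\Documents and Settings\Deepthaught\Desktop\AttackShield.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BF3B3-55EC-4B16-AB98-83B1F1CEAEFC}: NameServer = 61.88.88.88
"""

# Constructed follow-up scan: the start page entries have been written back.
SCAN_NEXT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - Global Startup: Attack Shield.lnk = C:\Documents and Settings\Deepthaught\Desktop\AttackShield.exe
"""

if __name__ == "__main__":
    for (section, location), value in parse_redirects(SCAN_FIXED).items():
        print(f"{section:4} {location} -> {value}")
    for section, location in persisted(SCAN_FIXED, SCAN_NEXT):
        print("still present after fix:", section, location)
```

An entry that keeps reappearing in `persisted` output means something on the machine is rewriting the setting between scans, so the process doing the rewriting has to be found before the fix will hold.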
     
  19. radstar

    radstar Private E-2

    Ok, I did as instructed but when I got to the system restore part I could not find system restore. I've had a look on the net and cannot find info on system restore for win 2000 professional.
    Also when I fix the hsremove lines in hjt and open hjt again the hsremove lines are back, and it takes a couple of goes to remove and then appears again after a while.
    Attached is a new scan. Thanks
     

    Attached Files:

  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you didn't purchase CounterSpy go ahead and uninstall, something is blocking the fixes.

    Once uninstalled, fix those 2 entries with HJT.

    Are you having any current problems?
     
  21. radstar

    radstar Private E-2

    Screen dump of my desktop with HSremove that I downloaded from this site I believe and the problem IE shortcut that won't be deleted. Does this help?
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not really, no punctuation or anything so I'm not sure where one problem ended and another began.

    Can you elaborate more on your problems? First, why did you run HSRemove and what did it do?
     
  23. radstar

    radstar Private E-2

    I'm sorry bjgarrick. I do get lazy with punctuation. I meant that I had intended to attach a screen capture of what was on my desktop and circled the two things (HSremove and IE shortcut) that are problems identified by hjt. The attachment didn't work. I have since deleted what you said to as well as the HS remove program and I will again try to attach the screen capture.
    I first downloaded HS remove from this site for malware removal. I believe it scans the registry like the other programs and deletes problems. Every time I ran it, it deletes 8 items, it says. But since I have removed it I guess it doesn't matter.

    Thanks again
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You should not be using HSRemove as it's for HomeSearch/About Blank hijacker which you do not have, so this should not be run.
     
  25. radstar

    radstar Private E-2

    Oh ok, I didn't know that. Here is another hjt file and I hope the screen dump I have been trying. I had to shrink the file for the screen dump so it's monochrome bitmap. I don't know how else I could shrink it. I saved the screen cap to paint so I could show the problems outlined earlier.
     

    Attached Files:

  26. radstar

    radstar Private E-2

    That didn't work too well. Looks like a 4 year old's painting. The thing circled down the bottom on the left cannot be deleted for some reason.
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What is the problem on your desktop? Honestly, I would clean what you do not need off.
     
  28. radstar

    radstar Private E-2

    Hi, I cleaned up most of the stuff on my desktop, Mozilla seems to be working perfectly for now. But IE doesn't work at all, it just opens a URL about:blank and it won't surf the net at all. No sorry, it does surf. Sorry, I think my pc is fixed now. Thank you very much bjgarrick, you have been very helpful and patient. Thank you for your time.
     
  29. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I'm happy to hear things are running well, if you have any more problems just let us know.
     
