Please help to solve my problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by woorics, Jan 23, 2007.

  1. woorics

    woorics Private E-2

    Every time I boot the computer, an error message "C:/WINDOWS/DOWNLO~/CnsMin.dll cannot be found" appears. I have tried various methods to solve the problem, but in vain.

    I've already followed the instructions written on Http://forums.majorgeeks.com/showthread.php?t=35407
     

    Attached Files:

  2. woorics

    woorics Private E-2

    here are the other logs
     

    Attached Files:

  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    You need to empty your Norton NProtect Recycle Bin, as some items are located there. Step 1, Secondary House Cleaning, of the guide explains how to do this. Then run the guide again and this time also attach the HijackThis log, paying attention to the install location and the renaming of HijackThis.exe to Analyze.exe.
     
  4. woorics

    woorics Private E-2

    Hello, thanks for your reply. I discovered I needed to clean the NProtect Recycle Bin when I was performing the online scan. The HijackThis log was produced after I emptied the Recycle Bin.
    The problem is that when I fixed the registry entries below
    "YLive.exe"="C:\\PROGRA~1\\Yahoo!\\ASSIST~1\\YLive.exe"
    "yassistse"="\"C:\\PROGRA~1\\Yahoo!\\Assistant\\yassistse.exe\""
    "res"="C:\\WINDOWS\\system32\\res.exe"
    "xBarUpdate"="C:\\Program Files\\xBar\\xBarUpdate.exe"
    "CnsMin"="Rundll32.exe C:\\WINDOWS\\DOWNLO~1\\CnsMin.dll,Rundll32"
    they regenerate immediately when I reboot the computer, and an error message "c:/windows/downlo~/CnsMin.dll, file cannot be found" pops up. I want to get rid of this error message.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow the directions given in step 7 of the READ ME and attach a HijackThis log

    Why are you removing Yahoo entries from your registry? If you don't use the Yahoo software then you should just uninstall it. Or did you already uninstall it and these did not get removed?


    Are any of the below paid versions or are they all free trials?
    AVG Anti-Spyware 7.5
    Spy Sweeper
    SpyRemover 2.63
    Spyware Doctor 4.0

    You already appear to have a paid version of Ad-Aware SE Professional installed, which means also having the above is overkill and will cause conflicts, make it difficult to impossible to fix problems since they will block fixes, and will slow your PC down.


    Do you know what the below file is:
    Code:
     
    "C:\WINDOWS\"
    mj2006~1.exe  Jul  5 2006      103284  "Mj2006 Uninstaller.exe"
    
     
  6. woorics

    woorics Private E-2

    Thanks Chaslang. Actually, all these programs have been uninstalled, but the registry keys were left behind. The files do not exist on my PC. I will post the HijackThis log tomorrow as I'm not available today. Thanks again.
     
  7. woorics

    woorics Private E-2

    The files mj2006~1.exe and Mj2006 Uninstaller.exe are for online games. The AVG Anti-Spyware is a trial version.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So does that mean that all three of the below are paid programs?
    Spy Sweeper
    SpyRemover 2.63 <--- note this is out of date. Current version is 2.67. But you don't need or want this if Spy Sweeper or Spyware Doctor are paid programs.
    Spyware Doctor 4.0

    Also note: If Spy Sweeper and Spyware Doctor are both paid programs, one should be uninstalled.
     
  9. woorics

    woorics Private E-2

    You're correct. Which do you suggest should be uninstalled, Spy Sweeper or Spyware Doctor?
     
  10. woorics

    woorics Private E-2

    Here are the new logs for the first 3 files
     

    Attached Files:

  11. woorics

    woorics Private E-2

    another 3 files
     

    Attached Files:

  12. woorics

    woorics Private E-2

    Can't upload the log for AVG, but it's clean.
     
  13. woorics

    woorics Private E-2

    Two questions, Chaslang:
    1. I can't locate the files indicated in the ActiveScan log:
    C:\Documents and settings\Ricky\Cookies\ricky @bs.serving-sys[1].txt and C:\Documents and Settings\Ricky\Cookies\ ricky@serving-sys[1].txt
    It seems they don't exist on my computer.
    2. Is there any way to remove the registry key "CnsMin"="Rundll32.exe C:\\WINDOWS\\DOWNLO~1\\CnsMin.dll,Rundll32", which regenerates after rebooting the PC and is the cause of the error message after booting?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well I see you also have Ad-Aware SE Professional installed with Ad-Watch, which makes 3 of these realtime blockers, and you only want to have one of these installed! I'm surprised you are complaining about malware rather than complaining that your PC is slow, since you have these three running at the same time. And you also still have AVG Anti-Spyware 7.5 and SpyRemover 2.63 installed. You also appear to have Windows Live OneCare safety scanner installed, which complicates matters even more. It is a wonder your PC runs at all.

    Uninstall AVG Anti-Spyware 7.5 and SpyRemover 2.63 now!

    You also should uninstall Windows Live OneCare safety scanner

    Spy Sweeper is the best of the three at protecting, detecting, and removal but lately has started to become a resource hog especially on some PCs!

    Spyware Doctor is second best and can also be a little resource intensive too.

    Ad-Aware is the least effective of the three and I would disable the Ad-watch feature and just keep the other part of Ad-aware for backup scanning but even there it is not as useful as it used to be.

    So in the end my choice would be either Spy Sweeper or Spyware Doctor depending on which performs the best for you.

    NOTE: Please do not edit or otherwise manipulate the log files. You are corrupting the flow of information in the log. When GetRunKey and ShowNew run, they create the logs and all you have to do is upload them. DO NOT EDIT THEM or rewrite them.
     
  15. woorics

    woorics Private E-2

    Will do, thanks for your advice
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you uninstall all the stuff given in my previous message before doing the below or the fixes may not work.

    Goto Add/Remove Program and uninstall any of this QQ or QQ2005 or QQ2006 or Tencent stuff.

    Now download a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
    O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
    O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
    O4 - HKLM\..\Run: [xBarUpdate] C:\Program Files\xBar\xBarUpdate.exe
    O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
    O8 - Extra context menu item: ¤W?¨ìQQÊI?µw? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: ¤W?¨ìQQÊI?µw? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: ¤W¶Ç¨ìQQºô¸ôµwºÐ - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: ¨Ï¥Î BitSpirit ¤U¸ü(&B) - C:\Program Files\BitSpirit\bsurl.htm
    O8 - Extra context menu item: ·s¼W¨ìQQ¦Û©w¸q&shy;±ªO - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ·s¼W¨ìQQªí±¡ - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ²K¥[¨ìQQ¦Û©w?&shy;±ªO - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ²K¥[¨ìQQ¦Û©w?&shy;±ªO - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ²K¥[¨ìQQ¦Û©w¸q&shy;±ªO - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ²K¥[¨ìQQªí±¡ - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: ¥ÎQQ MMS¶Ç°e¸Ó¹Ï¤ù - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: ¥ÎQQ±m«H?°e??¤ù - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: ¥ÎQQ±m«H?°e??¤ù - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: ¥ÎQQ±m«Hµo°e¸Ó¹Ï¤ù - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra 'Tools' menuitem: ??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

    After clicking Fix, exit HJT.

    Now run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Tencent\QQ\QQ.EXE
    C:\Program Files\xBar\xBarUpdate.exe
    C:\WINDOWS\system32\res.exe
    C:\WINDOWS\Downloaded Program Files\CnsMin.dll

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    After reboot locate the below folders and delete if found:
    C:\Program Files\Yahoo!
    C:\Program Files\Tencent
    C:\Program Files\xBar

    Now run Ccleaner!

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
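The O4 lines chaslang has HijackThis fix above are Run-key values, and the "cannot be found" message at every boot is what you get when a Run value survives while the file it points at (here a DLL loaded through rundll32.exe) has been deleted. The PowerShell script below is an added illustration and is not part of this thread, of HijackThis or of Killbox: it makes a read-only pass over the HKLM and HKCU Run/RunOnce keys, works out which file each value actually depends on, reports the ones whose file is missing, and dumps the PendingFileRenameOperations queue that "Delete on Reboot" requests are recorded in (the prompt woorics was asked to report). It assumes Windows with PowerShell 3 or later; the function names are mine.

```powershell
# Added example (not from the thread or from HijackThis/Killbox): read-only audit
# of the Run/RunOnce keys for values whose target file is missing, plus a dump
# of the PendingFileRenameOperations queue used by "Delete on Reboot" tools.
# Assumes Windows with PowerShell 3 or later. Function names are my own.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Split a command line into its first token (quoted or bare) and the remainder.
function Split-FirstToken([string]$CommandLine) {
    $cmd = $CommandLine.Trim()
    if ($cmd -match '^"([^"]+)"\s*(.*)$') { return $Matches[1], $Matches[2] }
    if ($cmd -match '^(\S+)\s*(.*)$')     { return $Matches[1], $Matches[2] }
    return $cmd, ''
}

# The file a Run value really depends on. For "rundll32.exe <dll>,<export>" it
# is the DLL: that is what produces the "cannot be found" message once the DLL
# has been deleted but the Run value has not.
function Get-AutorunTarget([string]$CommandLine) {
    $exe, $rest = Split-FirstToken $CommandLine
    if ($exe -match '(^|[\\/])rundll32\.exe$') {
        $dll, $null = Split-FirstToken $rest
        $exe = ($dll -split ',')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-TargetExists([string]$Path) {
    if (-not $Path) { return $false }
    if ($Path -match '[\\/]') { return [bool](Test-Path -LiteralPath $Path -PathType Leaf) }
    # Bare file name: Windows finds it via the search path; check the usual places.
    foreach ($dir in @("$env:SystemRoot\System32", $env:SystemRoot)) {
        if (Test-Path -LiteralPath (Join-Path $dir $Path) -PathType Leaf) { return $true }
    }
    return $false
}

function Get-AutorunAudit {
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($skip -contains $p.Name) { continue }
            $target = Get-AutorunTarget ([string]$p.Value)
            [PSCustomObject]@{
                Key     = $key
                Name    = $p.Name
                Command = [string]$p.Value
                Target  = $target
                Exists  = Test-TargetExists $target
            }
        }
    }
}

# Delete-on-reboot requests (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) are
# queued here as source/destination pairs; an empty destination means delete.
function Get-PendingFileRenames {
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $v = (Get-ItemProperty -LiteralPath $sm -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations
    for ($i = 0; $i -lt @($v).Count; $i += 2) {
        [PSCustomObject]@{ Source = $v[$i]; Destination = $v[$i + 1] }
    }
}

# Orphaned autoruns first (the boot-time error candidates), then the reboot queue.
Get-AutorunAudit | Where-Object { -not $_.Exists } |
    Format-Table Key, Name, Target -AutoSize
Get-PendingFileRenames | Format-Table -AutoSize
```

Run it before and after a cleanup: a Run value that still appears in the orphaned list after the file is gone is the one producing the boot message, and an entry reappearing in that list after a reboot (as woorics describes) is a sign that something still running is re-creating it, which is why the thread has the user uninstall the related programs before fixing the entries. The script only reads the registry; it deliberately does not delete anything.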
     
  17. woorics

    woorics Private E-2

    The requested programs have been uninstalled. When I pasted the paths into the delete box
    C:\Program Files\Tencent\QQ\QQ.EXE
    C:\Program Files\xBar\xBarUpdate.exe
    C:\WINDOWS\system32\res.exe
    C:\WINDOWS\Downloaded Program Files\CnsMin.dll
    only C:\Program Files\Tencent\QQ\QQ.EXE was shown. The PendingFileRenameOperations message was prompted when running KillBox. The following folders cannot be found:
    C:\Program Files\Yahoo!
    C:\Program Files\Tencent
    C:\Program Files\xBar
    Attached are the new logs.
     

    Attached Files:

  18. woorics

    woorics Private E-2

    Many thanks Chaslang. The error message has disappeared. Thanks for your help. One more question: QQ is a Chinese instant messaging program (just like MSN) with some online mini games. Can I reinstall this? :p Your advice please. :p
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! As far as I know from several threads here in this forum, that is where the problems began! Also read this:

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453083549

    Your logs are clean but you should have HJT fix the below leftover from Spy Sweeper:
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  20. woorics

    woorics Private E-2

    Noted with thanks, cheers :wave
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
