Please help, trojan infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by alferbit, Mar 28, 2007.

  1. alferbit

    alferbit Private E-2

    Followed the instructions about malware but nothing seems to work. CounterSpy is locating but doesn't seem to quarantine. Get messages that CounterSpy is blocking but there is no info. In safe mode nothing is found. Unfortunately I had to connect to the internet to run the online scans. Posting run keys, sview and the panda scan, grateful for all help/ alferbit
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please attach the other three logs requested in the READ & RUN ME:

    • CounterSpy - only for Windows XP, 2K, & NT users
    • AVG Antispyware log - ONLY IF NEEDED because you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
    • Bitdefender - from step 6
    • HijackThis
     
  3. alferbit

    alferbit Private E-2

    Ok sorry. The bitdefender text file is just full of strange signs, but I don't think it found anything. Should I run it again?? Attached are the other requested files/ Alferbit
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the directions given exactly as written in the READ ME and attach the BitDefender log. It has HTML code in it. You don't need to be able to read it. We do.

    Also you did not rename HijackThis.exe as requested in the READ ME. This is a necessary step as stated. You have this:

    C:\Program\Hijackthis\HijackThis.exe

    Rename it to look like the below:

    C:\Program\Hijackthis\analyse.exe

    I see you have all of the below installed. Are any of these paid versions?
    AVG Anti-Spyware 7.5
    CounterSpy
    eTrust PestPatrol
    SUPERAntiSpyware

    If CounterSpy is the free trial from the Read & RUN ME, uninstall it now since we are finished with it now. Then delete the below two folders from it that may not be cleaned up by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program\Sunbelt Software


    Now uninstall the below software:
    Java 2 Runtime Environment, SE v1.4.2
    Viewpoint Media Player (Remove Only) <-- should have been uninstalled in step 0 of the READ ME


    Make sure you reboot after uninstalling the above!

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    C:\Program\WinMsg\SYSMONMS.EXE
    C:\Program\WinMsg\UINST.EXE

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\Program\WinMsg\notepad.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bal] C:\Program\WinMsg\SYSMONMS.EXE
    O4 - HKLM\..\Run: [StUnInst] C:\Program\WinMsg\UINST.EXE

    After clicking Fix, exit HJT.

    Now reboot in normal mode


    Now locate the below folder and delete it if found:
    C:\Program\WinMsg

    Now run Ccleaner
    Now download the current version of ShowNew from the link in the READ ME. You have an outdated version! Use the new version from now on!

    Now attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
    Last edited: Mar 29, 2007
  5. alferbit

    alferbit Private E-2

    Ok, attached is the bitdefender txt file, but the computer shut down before I got a chance to save the file as described. Is the file attached of any use or should I run it again?
    The hijack file is now renamed. Only pest patrol of the programs you listed is a paid version. Please excuse me for missing some of the instructions, I am trying but not the best with computers. Going on with the other instructions.. Thanks
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have not attached anything at all!

    Since only Pest Patrol is paid for, then uninstall the below:
    AVG Anti-Spyware 7.5
    CounterSpy <-- I already asked you to do this anyway
    SUPERAntiSpyware

    You can ignore the BitDefender log. Just attach the new logs I asked for in my previous message. Make sure they are new logs that you just obtained or they will not upload again.
     
  7. alferbit

    alferbit Private E-2

    Ok, followed the instructions and all went fine. No visible trace of any infection. I continue with the uninstallations of the other programs.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay you are clean but you should consider removing the below from your Trusted Zone using HJT. We don't like to see anything in the Trusted Zone. In addition those look like dead sites anyway:

    O15 - Trusted Zone: www.powersoft.name
    O15 - Trusted Zone: www.superspots.biz

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
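The two posts above work from HijackThis log lines: the O2 BHO entry whose DLL is marked "(file missing)", the O4 Run entries launching from the same C:\Program\WinMsg folder, and the O15 Trusted Zone entries that the helper wants removed on principle. The script below is an added example, not part of the thread and not HijackThis code: it parses those three line types and applies the same triage logic the helper applied by eye. The sample lines are constructed from the ones quoted in the thread; the regexes, the function names and the rule "flag any O4 that launches from a folder also hosting an orphaned BHO" are the example's own assumptions, not a documented HijackThis format specification.

```python
import re
import ntpath
from typing import Dict, List, Optional

# Constructed sample, modelled on the O2/O4/O15 lines quoted in this thread.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\Program\WinMsg\notepad.dll (file missing)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [bal] C:\Program\WinMsg\SYSMONMS.EXE",
    r"O4 - HKLM\..\Run: [StUnInst] C:\Program\WinMsg\UINST.EXE",
    r"O15 - Trusted Zone: www.powersoft.name",
    r"O15 - Trusted Zone: www.superspots.biz",
]

# Assumed line shapes, derived only from the lines seen in the thread.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)$")


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a Run-key command (quoted or first token)."""
    m = re.match(r'^"(?P<q>[^"]+)"|^(?P<u>\S+)', cmd)
    return (m.group("q") or m.group("u")) if m else cmd


def parse_hjt_line(line: str) -> Optional[Dict]:
    """Parse one O2/O4/O15 line into a dict; other line types return None."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return {"type": "O2", "name": m.group("name"), "clsid": m.group("clsid"),
                "path": m.group("path"), "file_missing": bool(m.group("missing"))}
    m = O4_RE.match(line)
    if m:
        return {"type": "O4", "hive": m.group("hive"), "key": m.group("key"),
                "name": m.group("name"), "cmd": m.group("cmd"),
                "exe": exe_from_command(m.group("cmd"))}
    m = O15_RE.match(line)
    if m:
        return {"type": "O15", "domain": m.group("domain")}
    return None


def folder_of(path: str) -> str:
    # Windows paths are case-insensitive, so compare folders lower-cased.
    return ntpath.dirname(path).lower()


def triage(lines: List[str]) -> List[Dict]:
    """Apply the thread's triage rules and return one finding per flagged entry."""
    entries = [e for e in map(parse_hjt_line, lines) if e]
    findings: List[Dict] = []
    suspect_folders = set()

    # Rule 1: a BHO CLSID still registered while its DLL is gone is an orphaned
    # registration; its folder becomes a suspect folder for the next pass.
    for e in entries:
        if e["type"] == "O2" and e["file_missing"]:
            suspect_folders.add(folder_of(e["path"]))
            findings.append({"entry": e, "reason": "BHO registered but DLL not on disk"})

    for e in entries:
        # Rule 2: Run-key entries launching from a suspect folder go together
        # with the orphaned BHO (the WinMsg folder in the thread).
        if e["type"] == "O4" and folder_of(e["exe"]) in suspect_folders:
            findings.append({"entry": e, "reason": "autorun from folder of orphaned BHO"})
        # Rule 3: the thread's policy is that nothing belongs in the Trusted Zone.
        elif e["type"] == "O15":
            findings.append({"entry": e, "reason": "domain in Trusted Zone"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"{f['entry']['type']}: {f['reason']} -> {f['entry']}")
```

Run on the sample, the QuickTime autorun is left alone while the three WinMsg-related entries and both Trusted Zone domains are flagged, matching the lines the helper selected for Fix.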
  9. alferbit

    alferbit Private E-2

    Ok, thanks a whole lot for your help and your patience with me, you guys are the best!!! Alferbit
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
