private geek needing help sir

Welcome to Majorgeeks!

If you are following our procedure then you need to attach the smitfiles.txt log for us to review.

Which file is it that you cannot rename?

Also run the below procedure and attach the runkeys.txt log.

Using GetRunKey

 

The GetRunKeys procedure tells you exactly where to look for the file. C:\runkeys.txt

The directions for Spyfalcon and others tell you the same thing for the smitfiles.txt log. It should be c:\smitfiles.txt

 

I'm not sure if you are running the correct procedure and deleting the files as indicated. It looks like you may still be infected based on your logs. Please follow ALL steps in the below procedure from beginning to end (even if you don't find things being mentioned just continue).

SpywareQuake & SpyFalcon Removal Procedure

When finished, attach the new smitfiles.txt log that is created. Also tell me which items you found and deleted. Things that I think that may still be there are the below files but running SmitRem again my delete some:
C:\WINNT\system32\reglogs.dll
C:\WINNT\system32\1024 <--- the folder
C:\WINNT\system32\ld****.tmp <--- where **** can be anything
C:\WINNT\system32\hp***.tmp <--- where **** can be anything
C:\WINNT\system32\ts.ico
C:\WINNT\system32\ot.ico

Now after running the above procedure re-run GetRunKey.bat and attach a new runkeys.txt log.

Now tell me if you are still having problems.

Did you purchase this: Ashampoo AntiSpyWare

 

You need to follow steps in the order given! I said run SpywareQuake & SpyFalcon Removal Procedure first. Then afterwards run GetRunKey.

The below file still shows in your log:
C:\WINNT\system32\reglogs.dll

So you are not following the procedure properly!

 

What do you mean by fixquake program? Do you mean the fixquake.reg patch for the registry? This is not a program. What happens when you double click on this registry patch?

 

Sounds like you did not save the file properly. Exactly where did you save it? Do you have viewing of hidden files and also EXTENSIONS for known file types enabled? Is the file saved as fixquake.reg? Are you sure you saved the whole quote box to a file?

Try downloading the attached ZIP file. Extract the fixquake.reg file from it to the root folder of drive c (that is you should have c:\fixquake.reg when you do this). Then from Windows Explorer, locate c:\fixquake.reg and double click on it and allow it to add to the registry. Did this work?

If it does give you a success message, now get a new runkeys.txt log and post it.

Also as far as the Ashampoo trial program is concerned, I would suggest uninstalling it. If you want to buy something, buy Spy Sweeper which is one of the best tools out there.

 

Okay! So now the infected registry keys and files are finally deleted!

Are you having any other malware problems?

 

You cannot delete shdoclc.dll. It is a file that you need on your system. See: http://www.liutilities.com/products/wintaskspro/dlllibrary/shdoclc/

Perhaps you had more malware problems on your system than just SpyFalcon! Let's find out.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

.

 

1. Click Start > Run.
2. Type regedit
   
   Then click OK.
3. Navigate to the key:
   
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs
4. In the right pane, reset the values for the following keys (The values listed here are the defaults. Your system values may have been different):
   
   "NavigationFailure" = "res://shdoclc.dll/navcancl.htm"
   "NavigationCanceled" = "res://shdoclc.dll/navcancl.htm"
   "OfflineInformation" = "res://shdoclc.dll/offcancl.htm"
   "blank" = "res://mshtml.dll/blank.htm"
   "PostNotCached" = "res://mshtml.dll/repost.htm"
5. Exit the Registry Editor.