Rename itself at every boot

Discussion in 'Malware Help (A Specialist Will Reply)' started by marcv, May 11, 2006.

  1. marcv

    marcv Private E-2

    Can someone shed some light on this log and help? It's more than I can understand. I followed 'the' steps but somehow I know I still have a malware/virus (if nothing else...) that renames itself every time I boot - I monitored with PREVX1 for a while. That's how I know.

    Many thanks.
    marcv
     
  2. marcv

    marcv Private E-2

    I missed the log attachment and the comp specs. Here they are.

    Thanks
    Marcv
     
  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs did not attach. Make sure you click the upload button before you close the file management window.
     
  4. marcv

    marcv Private E-2

    ok - now it's there
    Thanks
     

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log clearly shows an HaxDoor infection and AdClicker. However, you have not completed our standard cleaning procedures.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  6. marcv

    marcv Private E-2

    I did run all the procedures - I just didn't attach them all.
    Here are all of them now. I also have the AdAware log if you need it - as well as the CounterSpy log and the CCleaner log

    Thanks
    Marcv
     

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan and have HJT Fix the following:
    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  8. marcv

    marcv Private E-2

    Thanks Shadow.

    Here's the requested HJT log file

    Marcv
     

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That appears to have done the trick. Your HijackThis log is clean.

    You are running Windows XP w/ SP1. You should really install SP2 and run Windows Update to bring your machine up2date. As it stands now your computer is vulnerable to re-infection.

    Let's flush all your restore points and create a new clean one for your system.

    Disable And Enable System Restore
    How to Protect yourself from malware!

    Safe surfing.
     
  10. marcv

    marcv Private E-2

    Shadow,
    Alright! Thanks for the help
    marcv
     
