SCVHOSTS one step ahead of me

Welcome to Major Geeks!

Try the below version of the READ ME. This is a new shorter and better version. Click the below link not the one you see in the sticky thread in the forum page.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support

If you cannot do certain steps, just skip them and continue all the way thru. When you finish doing all steps, attach the requested logs and explain what you could not do so that we know all the problems you had.

 

You're welcome, but you should consider attaching all of the requested logs just to make sure you are really clean. Problems like this often do not come alone.

 

You did not attach anything. You have to make sure you browse to the files and select them and then also click upload to actually attach them.

 

Your logs do not show any malware problems but I do have a few non-malware things you shoud do.


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

You're welcome.

No it is not necessary to block svchost.exe as long as it is the one running from your system32 folder. jusched.exe is just for automatic updates to Sun Java. You don't really need this to always be running and thus you can just have HijackThis fix the below startup;


O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


After fixing that, ZoneAlarm should not mention it again since it is not running anymore. (That's is until the next time you install a new Sun Jave version).