SpywareQuake Smitfiles.txt review

Discussion in 'Malware Help (A Specialist Will Reply)' started by pcboy, Jun 24, 2006.

  1. pcboy

    pcboy Private E-2

    Hello,

    I am new here. I found this forum very helpful. Thank you so much for your time and your help. Yesterday, I accidentally ran a program that has SpywareQuake in it.

    I did follow the instructions in this thread: http://forums.majorgeeks.com/showthread.php?t=88420. However, I still see a few popup windows when I turn on my computer. I don't know if I was missing anything.

    Please help me review my smitfiles.txt file. I would very much appreciate it if you could let me know what the next steps are. How can I get rid of the spyware?

    Thank you,
    pcboy
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Run the SpywareQuake procedure again. It has been updated with about 7 more forms of the infection and some new files. Make sure to download the fixquake.zip file again since it has changed.

    The file you will be looking for to delete is actually C:\WINDOWS\g30068234.dll

    Attach your new smitfiles.txt log and tell me how things are working.
     
  3. pcboy

    pcboy Private E-2

    Chaslang,

    Thanks for your help. I followed the SpywareQuake removal procedure one more time already. However, I couldn't delete this file at all: C:\WINDOWS\g30068234.dll. I have tried to delete it in safe mode, from the command prompt, and after booting normally. I always got the same message that g30068234.dll is used by another program.

    Please advise me what I should do to remove this file. Also, I have attached my new smitfiles.txt for your review again.

    Thanks so much for your help.
    pcboy
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It does not look to me like you are downloading the new fixquake.zip file and using the new registry patch. I see the below in your log:

    "{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

    This should be removed by using the registry patch. Also per the procedure, if you cannot delete a file, we also made a suggestion to rename the DLL and then delete it later after another reboot. So while in safe mode run the NEW registry patch (make sure you download it again. I updated it 4 times yesterday.) and then rename g30068234.dll to g30068234.ddd. Then run smitrem again and save the new log. Then try to delete the above file after your next reboot.

    Come back and post the new smitfiles.txt log and let me know what happened.
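
The comparison made by eye in the post above, checking whether the "Windows Updater" CLSID entry is still present in a fresh smitfiles.txt after the registry patch was run, can be scripted. This is an added example, not part of the original thread or of the MajorGeeks tools; the function names, the watchlist and the sample logs (apart from the one line quoted in the thread) are assumptions constructed for illustration.

```python
import re

# Registry-export style value line: "{CLSID}"="description"
ENTRY_RE = re.compile(
    r'^\s*"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"'
    r'\s*=\s*"([^"]*)"\s*$'
)

# CLSID quoted in the thread as one the registry patch should have removed.
WATCHLIST = {"{259BA022-2005-45E9-A965-10EDB9C00605}"}


def clsid_entries(log_text):
    """Return {CLSID (upper-case): description} for every value line in a log."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            found[m.group(1).upper()] = m.group(2)
    return found


def persisting(before_log, after_log, watchlist=WATCHLIST):
    """Watch-listed CLSIDs present in both logs, i.e. the patch did not take."""
    wanted = {c.upper() for c in watchlist}
    before, after = clsid_entries(before_log), clsid_entries(after_log)
    return sorted(c for c in wanted if c in before and c in after)


# Constructed sample logs. Only the "Windows Updater" line is quoted from the
# thread; the section header and the second entry are made up.
LOG_RUN_1 = '''\
[sample section header]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
"{00000000-1111-2222-3333-444444444444}"="Sample benign entry"
'''
LOG_RUN_2 = '''\
[sample section header]
"{259ba022-2005-45e9-a965-10edb9c00605}" = "Windows Updater"
'''
LOG_CLEAN = '''\
[sample section header]
"{00000000-1111-2222-3333-444444444444}"="Sample benign entry"
'''

if __name__ == "__main__":
    print(persisting(LOG_RUN_1, LOG_RUN_2))  # entry survived the patch
    print(persisting(LOG_RUN_1, LOG_CLEAN))  # entry no longer present
```
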
     
  5. pcboy

    pcboy Private E-2

    chaslang,

    I did download the new fixquake file last time. Now I have downloaded Fixquake one more time and followed the procedure again. However, I still couldn't rename the g30068234.dll file to the DDD extension at all. I couldn't rename it and I couldn't delete it. I always got the message saying that the file is used by another program. Please advise what I should do next.

    Attached is my new logfile for your review. Thank you so much for your time and your help in this matter.

    Thanks,
    pcboy
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It appears that you must have other malware on your PC or that you may have something installed that is blocking changes to your registry.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  7. pcboy

    pcboy Private E-2

    Hi chaslang,

    Thanks for your help. Attached are the logfiles for your review. I also have Norton Antivirus on my computer; my Norton caught Trojan.Nebuler, Downloader, Adware.purityscan. And I also see an OuterInfo popup.

    Unfortunately, I couldn't upload the Activescan.txt file since it's 261K, whereas you only allow a 250K file to be uploaded here. If you would like, I can chop the file into two parts.

    Please advise what to do next in order to clean all of these.

    Thanks, and I very much appreciate your help.
    pcboy
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like you probably have a load of cookies or you did not empty your Quarantine & Norton NProtect folders before running the scans. See step 0 of the READ ME. (Edit: after looking at your Bitdefender log, I see my assumption is correct!! Empty them NOW!)

    You can either compress the Panda log into a ZIP file and upload the ZIP or you can split it. I need this log before continuing.

    Why is regsrv32.exe running 8 times? What were you running when you obtained the HJT log?
     
