BSoD whilst installing XP Malicious Tool update

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by haagden, Dec 16, 2006.

  1. haagden

    haagden Private E-2

    Hi,
    This saga started when the young owner of this laptop requested help after opening a suspicious file received on MSN Messenger.

    I installed and ran AVG Anti-Spyware and AVG Anti-Virus, which found several Trojans and downloaders. However, the laptop continued to get infested, and it appeared that Trojans were regularly being reinstalled. I then installed and ran SpyHunter. This also found and cleaned Trojans and downloaders. I then (perhaps unwisely) attempted a repair on the Windows XP OS, for which I had the original disk (not SP2). Several dozen updates later it installed SP2; however, since then, attempting to install the MS "Malicious Software Removal Tool" update has always resulted in a BSoD.

    I have now followed the procedures in the READ ME PROCESS and will attach the files for analysis and comment. I fear that there is a ROOTKIT infection.

    Your assistance will be much appreciated.

  2. haagden

    haagden Private E-2

    Herewith the remaining files. By the way, when I ran BitDefender I accidentally lost the text file report (it showed some items infected and removed), so I ran it again. Consequently the attached BD report shows no infections. Sorry about that; hope it doesn't hinder the investigation.

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Non-malware observation: I recommend that you either clean up (remove) a lot of stuff from your hard disk or get a larger hard disk. You show only 760,823,808 bytes free. I know this looks like a lot, but it is not even 3/4 of a gigabyte, and in today's Windows XP environment this is really too little to have free. A lot of disk is required for the OS to run smoothly and for backups and System Restore points to be created, etc.

    We don't recommend using SpyHunter and in fact recommend uninstalling it. Bad track record/history! This is up to you though. But if it was just the trial download it is of no use to you anyway.

    Now Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Now you need to re-run CounterSpy and have it fix everything it found. You had it ignore all of the MyWebSearch and Fun Web Products junk.

    Okay, now let's remove a malware service!
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Microsoft authenticate service
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste MsaSvc into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT and reboot if it tells you it needs to.
    After reboot delete the below folders if found:
    C:\Program Files\MyWebSearch
    C:\Program Files\Common Files\{806D4CF1-018F-1033-1231-993199002c}
    C:\Program Files\Common Files\{306D4CF1-018F-1033-1231-993199002c}

    Additional step to delete files in the Downloaded Program Files folder:
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following commands, each followed by the Enter key:
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s f3initialsetup1.0.0.15.inf
    del f3initialsetup1.0.0.15.inf
    exit
    Now attach a new HJT log and tell me how things are working!
     
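    The manual service-removal and file-deletion steps above, collected into one script as an added example (this is not code from the original post or from MajorGeeks). It assumes, as the post states, that the rogue service's short name is MsaSvc and that the folders and .inf file are the ones listed; if the service or files are not present it reports that and moves on rather than failing, which matches the post's "ignore any error messages" advice. Run it from an Administrator account on XP (PowerShell 2.0 or later), then reboot before taking the fresh HJT log.

```powershell
# Added example (not from the original thread): the manual steps in the post above,
# done as one script. Assumptions taken from the post, not verified here: the service's
# short name is MsaSvc (display name "Microsoft authenticate service") and the folders
# and .inf file below are the ones the malware left. Run as Administrator; PowerShell 2.0+.

$ServiceName = 'MsaSvc'
$FoldersToRemove = @(
    'C:\Program Files\MyWebSearch',
    'C:\Program Files\Common Files\{806D4CF1-018F-1033-1231-993199002c}',
    'C:\Program Files\Common Files\{306D4CF1-018F-1033-1231-993199002c}'
)
$InfFile = 'C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf'

# 1. Record which binary the service actually runs before touching it, so the log
#    shows what was registered under that name (useful if the infection comes back).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if ($svc) {
    Write-Output ("Service {0} ('{1}') runs: {2}" -f $svc.Name, $svc.DisplayName, $svc.PathName)

    # 2. Stop it and set Startup Type to Disabled (the services.msc steps in the post).
    Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    Set-Service -Name $ServiceName -StartupType Disabled

    # 3. Delete the service registration (what HJT's "Delete an NT Service" does).
    #    sc.exe marks it for deletion; if it was still loaded, a reboot completes it.
    & sc.exe delete $ServiceName | Out-Null
} else {
    Write-Output "Service $ServiceName not found; nothing to stop or delete."
}

# 4. Remove the leftover program folders (-Force so hidden/read-only files go too).
foreach ($folder in $FoldersToRemove) {
    if (Test-Path -LiteralPath $folder) {
        Remove-Item -LiteralPath $folder -Recurse -Force
        Write-Output "Removed folder: $folder"
    } else {
        Write-Output "Folder not present (already gone, or never created): $folder"
    }
}

# 5. Clear read-only/hidden/system attributes (the post's attrib -r -h -s) and delete the .inf.
#    Check first: attrib/del simply fail if an earlier scanner already removed the file.
if (Test-Path -LiteralPath $InfFile) {
    $item = Get-Item -LiteralPath $InfFile -Force
    $item.Attributes = 'Normal'
    Remove-Item -LiteralPath $InfFile -Force
    Write-Output "Deleted: $InfFile"
} else {
    Write-Output "Not present, skipping: $InfFile"
}

Write-Output 'Done. Reboot, then run a fresh HJT scan and attach the log.'
```

    The one thing worth reading before the script deletes anything is the PathName it prints in step 1: a service named to look like a Microsoft component that points at a file under Program Files or a temp folder is the tell, and the path is the file to quarantine or hash if you want to confirm what it was.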
  4. haagden

    haagden Private E-2

    Thanks for your time. It is much appreciated.

    Regarding your observation on lack of free disk space, I wholeheartedly agree. Believe it or not I have had to move some data files (photos and word documents) to a memory stick to get even the space there is at present. Don't know what's hogging all the space as there is little in the add/remove programs that looks that significant. I'll advise the laptop owner to purchase a larger disk.

    Back to the malware. I uninstalled Spyhunter, it wasn't the trial version but I felt it best to purge it. I uninstalled the old Java Runtime and installed the later version.

    I then ran CounterSpy, but unfortunately I got a BSoD whilst it was checking Registry entries. I rebooted and tried again in Safe Mode. This time it again found the MyWebSearch and Fun Web Products junk (not sure how I came to not delete it first time round) as well as Trojan Downloader Matcash. This time all were deleted.

    I then implemented the remaining actions you suggested, up until the attribute change to the file f3initialsetup1.0.0.15.inf, which was unsuccessful. I checked the directory, but this particular .inf file is not present.

    Attached is the HJT file you requested.

    Since these actions I have successfully installed the MS Malicious Software Removal Tool and IE7. The system is much, much better.

    Hope I have done all the right things.

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What size hard disk is it?

    Try running this to help you see where space is being used:

    http://users.forthnet.gr/pat/efotinis/programs/overdisk.html

    Good!

    That's okay! Rerunning CounterSpy and having it fix the malware it detected probably deleted it already.
     
  6. haagden

    haagden Private E-2

    The disk size is only 6 Gbyte, it's an old Toshiba Tecra 8000 upgraded to XP.

    I'll try the program you recommend to see what's taking up the space.

    Do I need to take any other clean-up action such as toggling System Restore?

    You certainly work hard for the benefit of others!
     
  7. haagden

    haagden Private E-2

    Looked at the disk analysis. A larger disk is certainly required. Surprising how much space is taken by Windows and all its backtrack and recovery files/mechanisms.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, that was the first mistake. This PC does not fit what I would define as the minimum requirements for effectively using Windows XP. The hard disk is way too small, the processor speed is too slow, and it probably does not have enough RAM either. I believe it was a 333 MHz system with only 64 MB by default. I don't even recommend using Windows 98 on a system with only 64 MB of RAM. However, I don't know how much RAM is in your system. I don't recommend less than 512 MB with Windows XP; moreover, I would not install Windows XP on a system with less than a 1 GHz processor. While it may work (based on Microsoft's minimum recommendations), there is a difference between working and working well.

    Yes! If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
    Last edited: Dec 17, 2006
  9. haagden

    haagden Private E-2

    Completed the cleanup. However this morning I ran Counterspy again just as a final check. It found a new Trojan PWS-Banker. I quarantined this and then did a further scan that proved clean.

    Incidentally, I can only complete CounterSpy in Safe Mode. Running it in Normal Mode always results in a BSoD. This may be due to the lack of free disk space on this machine. I have noted your comments on its limitations for running XP. It is not quite as bad as you assumed, having a 400 MHz PIII and 256 MB RAM. Unfortunately it's all my young student friend can afford. XP was installed as Microsoft no longer supports Win '98.

    I will attach a final HJT log just so you can confirm that it is clean.

    Many, many thanks for your help.

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not as bad as I thought, but still rather inadequate, especially with the hard disk size. MS does not support Win98 anymore, but they do support Windows 2000, which could run better on this PC. However, even with Win 2000 a 6 GB hard disk is a little too small. And if you are going to use programs like LimeWire to download stuff (like MP3s, etc.) it is way too small.


    Your log is clean.