combofix freeze

Welcome to Major Geeks!

Just skip ComboFix for now. We will come back to it if necessary.

Shutdown Spybot's Teatimer as requested in the READ ME

Run AVG Antispyware and save a log to attach as requested. Then run MGtools.exe as instructed and attach the MGlogs.zip file that is requested.

 

Just in case you did not notice the link in the READ ME that talks about Teatimer.....here's how.

Now Disable Spybot's TeaTimer

• Run Spybot and click Mode
• Select Advanced Mode.
• Then click Tools and select Resident.
• Now in the right window pane, uncheck TeaTimer.
• Also while this is open, in the left column now select IE Tweaks
• and then in the right pane make sure all the Miscellaneous locks are unchecked.
• Now quit Spybot!

 

You can change it back yourself.

You ignored an important part of the READ & RUN ME. You are running multiple antivirus programs. You have Authentium, NOD32, and Trend Micro PC-cillin Internet Security 12 installed. You must uninstall all but one of these now before going any further.

Is your copy of Spy Sweeper a paid version of free trial?
If paid, it is possible that it was stopping ComboFix from running.


You will have to shutdown SpySweeper and AVG Antispyware before doing the below.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {8D03CD1F-30F1-4EFE-813B-A8469263643B} - (no file)
O2 - BHO: {d7700867-9861-944b-52b4-cd1b69d0b8ad} - {da8b0d96-b1dc-4b25-b449-16897680077d} - C:\WINDOWS\system32\kodjstdf.dll
O2 - BHO: (no name) - {E93EB7FD-5D67-4187-971F-954D3A560DE0} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\cbxuuus.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: cbxuuus - C:\WINDOWS\SYSTEM32\cbxuuus.dll

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

No do not just delete it! That is not the same as uninstalling. You probably install a security type package from your ISP (Verizon). You will have to uninstall it to get rid of Authentium which is installed. The below is direct from your registry

We will see what we can do.

You have to finish the procedures I already gave you.

 

It worked.

Did you buy \RegistryBooster 2? If not then uninstall it.

Also uninstall AVG Antispyware now since you have Spy Sweeper installed and Spy Sweeper can be very resource hungry.

I also don't recommend usind Ad-Aware 2007 since it will also waste system resources and the free version offers no protection.

You can have HijackThis fix the below line which is not required:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

Then also consider whether you really require the below which are slowing you down. You can also have HijackThis fix these and you will more than likely see a performance improvement.
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN


Now do the below to get Trend Micro PC-cillin Internet Security 12 remove from your install list.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

How are things working now?

 

Use HijackThis to fix the below lines:
O4 - HKLM\..\Run: [AAWTray] "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

As far as I know they are only need for online support. You should be able to run the applications when you need them. It should not be necessary to run these all the time when you will not need them all the time.

Okay if this is really true we not be able to remove all of the registry keys. You could try booting in safe mode and using the Administrator account to remove the keys and to apply the fixME.reg patch again.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created