Need Help removing Virus, Spyware and Malware from my laptop

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

Attach the logs that were requested in the instructions.

 

First off ..HJT is a tool, not a malware cure. It needs to be properly installed and renamed which is how it will be installed when you run the instructions in the Read and Run First guide.

The requested logs after doing that are:
AVG-antispyware log
ComboFix log
MGLogs.zip ---> from running the MGTools.exe

 

You didn't let ComboFix run to completion. You also didn't fix anything that AVG found.
You must rerun AVG Antispyware and this time do not Ignore all the problems it finds like you did last time. You must either Quarantine or Delete allt he problems. Save a new log and attach it at the end of the below instructions.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
* On the page that opens, scroll down to Microsoft PS Service
* then right click the entry, select Properties and press Stop Service.
* When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
* Click OK until you get back to Windows.

Run C:\MGtools\analyse.exe by double clicking on it, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
* At the lower right, click on the Config button
* Then click the Misc tools button
* Select Delete an NT Service
* Copy/paste Microsoft PS Service into the box that opens, and press OK
* If you receive any error messages just ignore them and continue.
* Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:

* Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.
Then attach the new logs:

* new AVG Antispyware log
* c:\avenger.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

We are making some progress.

Please find and delete:
C:\Combofix

Now:
* Run Spybot and click Mode
* Select Advanced Mode.
* Then click Tools and select Resident.
* Now in the right window pane, uncheck TeaTimer.
* Also while this is open, in the left column now select IE Tweaks
* and then in the right pane make sure all the Miscellaneous locks are unchecked.
* Now quit Spybot!

Now download ComboFix to your desktop!! Then double click it and do nothing until it produces a log.

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

* Run avenger.exe by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:

* Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.
Then attach the new logs:
* ComboFix
* c:\avenger.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

The action plan would be to disable ALL anti-virus and anti-spyware software so that the fix I give you can work.

D:\Documents and Settings\326003212\Desktop\Anti-Virus --> what is this?

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Find and delete:
:\Documents and Settings\326003212\Desktop\ieupdr2.exe

Have you tried using FIreFox as a browser?

Remember...some of your problems are due to not having SP2 installed.

 

Whenever you finish the fixes that I give you, re-enable your security software.

Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Are you still just having problems with IE?

 

How are you trying to connect ....thru a router or directly thru a modem ( is it dial-up or cable or dsl?) ....have you spoken with your ISP about the problem?

 

Tell me what you have tried to re-enable it. The malware may have corrupted it so you may need to uninstall and then re-install.

 

The symnatec was disabled before what ....? Was it a paid for version that is still active?
If not...uninstall it and choose a different anti-virus from HERE

 

This may apply:
http://service1.symantec.com/SUPPOR...=2002080615435448&nsf=ent-security.nsf&view=0

or you may need to contact the company. Do you not have an install disc...is this off of the website....is it the corp. version from your server?