search engine redirects, windows update 80072efe failure code

Welcome to Major Geeks!

Why did you skip them? They are not optional steps to run.


Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

• Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
• Click Start > Run and copy/paste the following bold command into Run box and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -v

• Follow the instructions to type in "delete" when it asks you what to do when if finds something.
• When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

Why are you running in safe mode? Are you unable to boot in normal mode? You should only running in safe mode if absolutely nothing else works.

Did you disable UAC? And did you reboot after disabling it? Please try the below now.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome. Just attach the requested logs whenever you finish and then be sure to tell me how things are working afterwards.

 

Just follow the instructions in the below for disabling AVG and then continue with the fix:

http://www.avg.com/us-en/faq.num-1209

 

Okay then just continue with the rest of my instructions in message # 2.

 

You're welcome.

You should attach the requested log from MGtools (see the end of msg # 2).

 

It did not run properly. Did you let it finish running? Did you see any error messages? Did you shutdown protection software first? Did you run as administrator. Try running GetLogs.bat again.

 

Looks to me like you are having problems with Windows itself that may not be due to malware.

Also, please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  Code:

  :reg
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop.
• Please attach the SystemLook.txt log found on your Desktop to next reply.

 

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Are you having any problems on your PC at all other than potentially running MGtools?

 

This is likely due to the fact that you have an inadequate amount of memory to run Vista and your free hard disk space is getting to low. You logs show

Code:

Total Physical Memory 765 MB 
Available Physical Memory 97.8 MB 
 
 
Drive C: 
Description Local Fixed Disk 
Compressed No 
File System NTFS 
Size 69.78 GB (74,924,072,960 bytes) 
Free Space 8.75 GB (9,400,438,784 bytes) 

We recommend at least 2 GB of memory for Vista and you have less than half that amount and having only approximately 98 MB free is simply not acceptable.


You need to uninstall Spybot - Search & Destroy 1.5.2.20 which is old and outdated.


Delete the below files:
C:\Users\Roy\AppData\Local\Sqonaliko.bin
C:\Users\Roy\AppData\Local\Xfaduje.dat
C:\yvikit.vlr


Also to cleanup some additional disk space, please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.


NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

 

Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

According the the MGlogs.zip file you attached, ComboFix.exe is not on your Desktop.

It does not install as a Windows installed program. Neither does MGtools.

Then you would not need to run the uninstall for it. But your logs showed that you did run ComboFix to some extent because there was a C:\QooBox folder created by ComboFix when it saved backups. If you ran MGclean.bat, it will cleanup combofix files anyway.

 

You're welcome.

You mean 1 GB. Was enough for original Vista with no other software but will not suffice for updated Vista and other software. However you really did not have 1 GB for use by Windows. You appear to have an built-in video graphics card that is stealing 256 MB of memory from this 1 GB because the cheap graphics card did not have its own memory.