Laptop infected with many things

Does your friend realize that running Windows XP is a major security risk?


Please attach the log from Hitman Pro that was requested.


Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
MyPC Backup
Search Protect
suprasavings
Viewpoint Media Player


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1755;https=127.0.0.1:1755
O1 - Hosts: 209.44.111.62 safesystem.microsoft.com
O1 - Hosts: 209.44.111.62 antiviraprof.com
O1 - Hosts: 209.44.111.62 www.antiviraprof.com
O4 - HKLM\..\Run: [pcreg] C:\Program Files\pcmax\service.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pcreg] C:\Program Files\pcmax\service.exe
O4 - HKUS\S-1-5-21-134609990-4050019579-2825770966-500\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Administrator')
O18 - Filter hijack: text/html - {4f371abd-972c-46c6-a181-b08d9411a04c} - (no file)
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: pcmaxservice Service (pcmaxservice) - Unknown owner - C:\Program Files\pcmax\pcmax.exe


After clicking Fix, exit HJT.


Please download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe


:Services
MyPC Backup
pcmaxservice

 
:Files
C:\Program Files\MyPC Backup
C:\Program Files\pcmax
C:\Documents and Settings\DeeDee\Local Settings\Application Data\proxy.log
C:\Documents and Settings\DeeDee\Local Settings\Application Data\SearchProtect
C:\WINDOWS\system32\84C3C8FE37.sys
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\pcreg.job
C:\WINDOWS\Temp\*.*
C:\Documents and Settings\DeeDee\Local Settings\Temp\*.*


:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"pcreg"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"pcreg"=-

[HKEY_USERS\S-1-5-21-134609990-4050019579-2825770966-1005\Software\Microsoft\Windows\CurrentVersion\run]
"MSMSGS"=-
"pcreg"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MimBoot]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA0A5C6B-5EFD-487A-9A13-EF50F8D3ECFD}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the C:\_OTM\MovedFiles log
• the JRT.TXT log
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome.

This PC would not run Win 7 too well. It is too old and too slow. It is not even multi core and you would need to add more memory too. But even then it would be slow.

Okay well run a new scan now to see if it is smaller after what we have fixed. If not then compress it into a ZIP file and attach that.

Note, I still see suprasavings in the installed programs list.

 

Yes but the security issues that using this old OS could cause might be alot more expensive.

Yes give Revo a try. Also run Hitman Pro again and have it fix any of the

Malware remnants and Potential Unwanted Programs if they still show up.