Malware, no Control Panel, AV disabled

I am trying to fix my daughter's very sick PC. By the time she called me, she already had lots of problems, and had responded to a pop-up to install bogus AV (I believe "AVSystemCare"). There are constant pop-ups ("Warning - Potential Spyware operation! ... click Yes to download Spyware Remover..."), Control Panel is gone, her McAfee AV is disabled, and many functions are not allowed ("This operation has been cancelled dut to restrictions in effect on this computer").

I have read and followed as best I could the Malware Removal Guide. I say "best I could" because due to the #$%^ on the PC, I cannot do some of the recommended actions. This is what I have done/couldn't do (all actions done in Safe Mode - except where noted - with networking enabled when needed):

No control panel, so couldn't remove anything via "add/remove programs".

Installed, ran, in correct sequence, both ccleaner and Spybot S&D (over 100 problems found).

Could not install Counterspy (got a pop up stating the Administrator does not allow installation).

Ran AVG. Seven infected objects found, quarantined them. Though I had configured for reports after every scan, there was no report available in the reports section.

Tried to install the latest version of Java. Got a pop-up: "System Administrator has set policies to prevent this installation."

Went to Bitdefender website. During updating scanner process, updating virus signatures stuck at 67%, and never completed. Couldn't close session. Tried "ctrl, alt, del". Pop up - "Task manager has been disabled by your adminstrator."

Had to power down PC. Got back to Bitdefender website, tried again. This time got stuck at 78%. Only way to close out was to power down.

Since Bitdefender failed, I did NOT run Panda.

I then re-ran CCleaner, Spybot (seven items found and "removed"), and AVG (seven Infected Objects again, quarantined again). Once again, there was no available report (though I double-checked that I had selected it as an option). The main file found was "Trojan.smal", with multiple instances of "Not-A-Virus.. [Winfixer, Renos,jh, etc.]."

I then rebooted into normal mode. Ran GetRunKey. Dialogue box popped up: "Registry editing has been disabled by your administrator." Gave up.

Ran ShowNew. Same thing happened.

Installed and ran HJT. At least I got a log from that; it is attached.

Please help!!!

 

Thanks for the response!

Followed your steps. Both GetRunKey and ShowNew ran. I will attach the Avenger, GetRunKey, and ShowNew logs to this message, and send a separate one with the new HJT log.

Status of how things are working now:

1) The approximately-every-five minute pop-up ("Warning - Potential Spyware operation!...") seems to longer happen.

2) Control Panel still missing.

3) Ontward restrictions still on computer (e.g., if I right-click on the desktop, select "Properties", I get a dialogue box that says, "This operation has been cancelled due to restrictions in effect on this computer...")

Thanks again, looking forward to the next steps!

 

Attached to this message is my latest HJT log, as requested.

 

How can I uninstall the old Java and Viewpoint software? Control panel is gone; I have no access to "add/remove programs".

I looked in the folders of both applications, and didn't see an executable that appeared to be associated with unistalling.

Even if I do a Ctrl Alt Del, a pop up comes up stating "Task Manager has been disabled by your adminstrator."

Also, after you tell me how to remove the software (because I bet you know a way to do it), should that be done in Safe Mode?

Should I skip the de-installation of these two software packages, and continue on with the rest of your steps (won't do anything until you advise).

Thanks again!

Spike

 

Ran Avenger. Copied quoted statements.
Upon execution, saw a series of error messages ("Syntax error in line - does not appear to be a valid registry path, line will be ignored.") Pressed ok to continue, received another error dialogue box ("Error code 0: Line: ")

This was repeated for "DisableTaskMgr", "DisableRegistryTools", etc.

It looks like these error messages are in the attached Avenger log, so I won't repeat them here.

Rebooted.

Ran CC

At this point, I was to try and uninstall the old Java and Viewpoint software. There still was no Control Panel (which would lead me to "Add/Remove Programs"), so did not try to uninstall.

Ran GetRunKey and ShowNew

Logs for all three are attached.

Thanks!

Spike

 

Successfully merged statements into registry.
Rebooted
Control Panel now there!
Removed old Java, Viewpoint.
Rebooted.
Installed new Java (6.2)
ran CC
Ran Avenger. Wasn't sure on what to input, so repeated previously recommended statement (starting with "Files to delete C:\10.tmp...").
Ran CC
Ran GetRunKey and ShowNew
Log files from all three attached.

Thanks again!!!

 

Well, it doesn't look like I am out of the woods yet...

It appears that I still have some nasties hanging around.

Ran CC.
Ran Spybot S & D (came up with only two Microsoft "issues").
Ran AVG Anti-Spyware (came up with 7 instances of Trojan.small, and once again no available report).

Realized that I was in normal mode, so rebooted into safe mode, no networking.

Ran CC
Ran SB S&D (clean)
Ran AVG Anti-Spyware (1 instance of Trojan.smal)

Restarted in normal mode.

Now ran Bitdefender. (3 viruses found) Log is attached
Ran Panda Active Scan (5 viruses found, 1 Spyware; it looks like much of the "viruses" reference Avenger and Hijack This folders). Log is attached.

I also noticed that the McAfee Anti-virus will not enable, no matter how much I try. I have already downloaded AVG Free Edition Anti-Virus, but thought I should wait to install it until after you give me a go-ahead (don't want to do something out of order that might confuse the issues).

The McAfee Firewall seems to be functioning, but when I am done with cleaning up the system I will replace not only McAfee Anti-V with AVG, but will install Comodo FW.

But first, onward to a clean system!

What's next?

Thanks for your help!

 

Sorry about that - I thought an effective way to see if I "still had any Malware problems" would be to scan for them.

I followed the final instructions, including toggling system restore, went through all of the steps on how to prevent Malware in the future, and everything is running perfect now. THANKS!!!!!!!!!!!!!!!!!

One thing, I really tried to find it, but I could not find the file you recommended that I delete (C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe).

I really, really looked for it, but couldn't find it.

Once again, thanks!!!

 

I ran Panda again, and it came up with nothing! Yes!

After it ended, there wasn't an option to view or save a report (unlike when I had viruses reported the first time), and I am assuming that it only gives an option to view reports if it finds anything bad.

So with that, it looks like the PC is back in shape.

Thanks again so much - you, and all of the great folks at Major Geeks ROCK!

Spike.