Can't run SAS, Combofix, or Malwarebytes for READ and RUN Me FIRST

Please do the following:

Remove all of your browser toolbars and extensions.

Download and Install Registrar Lite.
Now run Registrar Lite.

Copy and paste the below into the Address box of registrar lit and hit the Enter key.

HKEY_LOCAL_MACHINE\SYSTEM

Then click the Security pull down on the top menu and choose Take Ownership. Click OK in the next window to approve it. Now navigate to the following keys and take ownership of them (explained further down):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000]

o take ownership of the key do the following:

* Copy & Paste one registry key from above into the address bar of Registrar Lite and hit the enter key. This will bring you to the regitry key.
* Click-on Security in the Menu
* Select Take Ownership
* Now right click on the registry key and select delete
* Repeat for all registry keys
* Tell me the results. Any errors?

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now see if you can run the other scans and attach the logs if you can. Let me know what happens

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip

 

Copy & Paste one registry key from above into the address bar of Registrar Lite and hit the enter key. This will bring you to the regitry key.
* Click-on Security in the Menu
* Select Take Ownership
* Now right click on the registry key and select delete


Does that help?

 

Yes and attach the logs if you can.

 

Sweet......your logs are clean.

Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

I would suggest you create a new user account with limited privileges and use that account for web surfing. Leave the Admin account for system changes and downloads or uninstall chores.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
     
     
   • Delete the C:\combofix folder from combofix (if it exists)
   
   
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
7. If you are running Vista, Windows XP or Windows ME, do the below:
   
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
   
   
8. After doing the above, you should work thru the below link:
   
   • How to Protect yourself from malware!