Spyware?Trojan?Periodic loss of control panel and administrative usage

Dear All, :crybaby

I'm totally lost and do not know how to solve my problem. These are the symptoms that I'm having.

1. Periodic loss of "control panel" access and the "system restore" does not work
2. It all started with a yellow triangular icon on the right task bar that states - " your computer is infected - windows detected spyware" and also a pop-up that states "windows security alert-warning! click to remove ..." Obviously my son clicked and closed this pop-up window

I have followed all the instructions as described in your logs. Summary of findings.
1. AVG antivirus (did not detect any problems)
2. Spybot (removed two items)
3, AVG antispyware - detected problems and quarantined
4. BitDefender - detected problems and removed
5. PandaActiveScan - detected and removed a trojan and I reran the cleaning of my "norton recycle bin" and cleaned the reminaing with CCleaner
6. Ran GetRunKey and ShowNew
7. Ran the Hijack log

So far the yellow triangle icon is missing and the pop-ups have stopped. I suspect I still have some problems because of the periodic loss of administrative rights to certain programs and loss of control of certain microsoft features e.g. control panel, system restore.

Kindly review and I look forward to your advice. I have learnt a lot from the malware removal guide.

Sincerely,
Mongooseba

 

Dear All,

Here are the remaining files needed to help me.

Below is a summary of my Hijack log


Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.



Mongooseba

 

Deal All,

Sorry that I forgot to upload the Hijack log and have posted it on the thread instead. Newbie problem.

Sincerely,
Mongooseba

 

Dear Chaslang,

Thanks for your prompt reply. I ran the "Chodefix" and something happened. I could not save the details. Enclosed is the new GetRunKey log. I have delected the previous Norton Antivirus. I kept the remaining speeddisk section. Also thanks for clearing my Hijack log.

Sincerely,
Mongooseba

 

Dear Chaslang,

I could not enter the "msconfig" initially and I skipped this step. I will now try this again per your instructions. Thanks.

Sincerely,
Mongooseba

 

Dear Chaslang,

Thanks again for following-up closely on my case. I have performed all the steps as instructed.

1. MSConfig: I was able to start in normal mode (loaded everything)
2. Ran "disable/remove window messenger" to uninstall the window messenger
3. Removed items on Hijack log (could not find 07 - HKCU\Software\****). I presume this was removed somewhere along the way
4. Merged your code with my registry in "fixme.reg"
5. Processed "avenger". I saw the log that it could not find the various files to be deleted. I could not find the files in my computer either. I presume this worked
6. Clicked on "Ccleaner"

My system restore has been suspended. The pop-ups did not occur and I am able to access the control panel e.t.c.. Do you think my computer is clean??????


Sincerely,
Mongoosebarolleyes

 

Dear Chaslang,

This is my remaining file for your perusal. Thanks again.

Sincerely,
Mongooseba

 

Dear Chaslang,

Should I delete all the Symantec products and substitute a new freeware defragmenter e.g. Fast Defrag Standard 2.31, Diskeeper Lite 7.0, or O&O software? Do you have a preference as to which I should choose?

The Symantec product does not seem to do a good job - way too slow: took > 6 hours to defrag and stalls. Could I have a problem with the software? Please advise and instruct. Thanks again.

Sincerely,
Mongooseba

 

Dear Chaslang,

Thanks for the input regarding these programs: Java 2 Runtime Environment, SE v1.4.2_05, Viewpoint Manager, and Viewpoint Media Player. As instructed, these programs were removed. I also decided to remove all the Symantec products and Skype as well. However, I'm not sure what "avanquest update"? Should I remove this as well?


I also disabled and enabled the "system restore" and the previous save points were erased. I uploaded the "comodo firewall" and "IOBit Smart Defrag" programs.

I have AVG antivirus, spybot, and spywareblaster. However, what should I do with the two "after the fact scanning tools" namely AVG antispyware and Superantispyware? My C:\recycler\Nprotect directory has a ton of files. Aren't these supposed to be erased when you empty the recycle bin? I thought that my recycle bin becomes normal when you remove all your Symantec products. Did I not remove all the Symantec products? Thanks.

Mongooseba

 

Dear Chaslang,

I have no idea what is "avanquest"? Should I remove this, and if I do make a mistake, can this step be reversed? I removed the Symantec's Norton antivirus program previously and removed the remaining products as well. I believe I did it correctly since I do not see them in the Hijack log. I do not like the Norton product any way. Too late and no regrets.

Probably I didn't quite understand the section on "Read Me: 1" instructions. I could not quarantine my previous Norton Antivirus because the program was erased initially. The Norton protected bin was emptied. Am I still suppose to have files on the C:\Recycler\*.*? Can I delete this files manually? Should I also check the registry for remaining Norton products?

My recycle bin behaves differently from my other computers. I do not have recycle bin properties when I right click the icon. What should I do?

Sincerely,
Mongooseba

 

Dear Chaslang,

I will leave the "avanquest" alone then. The CCleaner did not remove the components off the C:\Recycler\*.* folder. Is there something wrong here? I do not recall disabling the "recycle bin" at all. Do I need to restore this at the XP register? Please advise.

Sincerely,
Mongooseba

 

Dear Chaslang,

I've checked the registry and the following value was present.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

{645FF040-5081-101B-9F08-00AA002F954E}

Should I delete and remake a new value? Thanks.

Sincerely,
Mongooseba:confused

 

Dear Chaslang,

My recycle bin originally had a Norton label to the icon. I renamed it to just "recycle bin." I assume that the "add and remove" program did not fully unistall the Norton bin. I am not able to right-click on my recycle bin and have the properties tab appear. However, when I delete a file, this appears in the recycle bin. What should I do?

As regards to the registry, I wanted to show you that the keys are not messed up. I'm not an expert in the registry, but have changed some keys before. Your advice it appreciated.

Sincerely,
Mongooseba
:yum

 

Dear Chaslang,

I did as advised and merged the code into my registry. The recycle bin still does not have the proper tabs in the properties mode. Enclosed is a jpeg file for your perusal. I look forward to your reply.

Sincerely,
Mongooseba :cry

 

Dear Chaslang,

You are the best. My recycle bin works! Kudos to you. My computer so far has not be acting up. What should I do with the quarantined items? Should I delete them? Do you have instructions? Thanks again for your patience.

Sincerely,
Mongooseba

 

Dear Chaslang,

I have quarantined items in "Superantispyware" and "AVG antivirus" softwares. Enclosed is the jpeg file for your view. Should I press and buttons that says "remove"? Thanks.

Sincerely,
Mongooseba

:hyper

 

Dear Chaslang,

Thanks again for your reply and I have removed all the items from the quarantine bin. My computer is running and I have also tweaked the start-ups with CCleaner. On the side, do you know of any freeware to only direct or allow internet sites suitable for kids and teenagers? What I'm eluding to is ... any help with this issue would be helpful. Look forward to your reply.

Sincerely,
Mongooseba

 

Dear Chaslang,

Thanks for all your help and write to me if I may help in any way. Meanwhile, I believe I was nearly tricked with another computer with a malware problem. I posted it on the Malware section. Youuuuuuuuu aaaaarrrreee greeeeaaaat!


Regards,
Moogooseba