not wanting to make a mistake

Discussion in 'Malware Help (A Specialist Will Reply)' started by stevieink, Dec 13, 2007.

  1. stevieink

    stevieink Private E-2

    OK. First of all, I downloaded Spybot before I found this website and downloaded it to Program Files in C/ which is in Docs and Settings. As I was going through the steps, I read NOT to download to that, yet to a "root" (I think it's called) which is C/"name of program". Is that the way it HAS to be done? Or am I OK? Also, when it says to "empty" quarantine, does that mean to delete, or restore so the program I'm running can decide? If Spybot does have to be in a root file, do I just delete it and re-install it? Also, earlier in the steps I was told to remove malware from "Add and Remove Programs" and I had two that it wouldn't let me get rid of: Kazaa 3.0, which tells me "InstallShield Setup Launcher encountered a problem and needs to close", and Web Savings from Ebates, "WJView error - could not execute main: the system cannot find the specified file". Just need a little advice and direction of where to go from here. Need to go eat 2 BC powders. This is driving me crazy. All of you rock for doing this every day. Don't know how you do it. ANY help would be greatly appreciated!!! Thanks for reading.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Program Files is not in Documents and Settings. You have the below folders:

    C:\Program Files
    C:\Documents and Settings

    Where you DOWNLOAD and where you install are two different things. Do not DOWNLOAD to either of the above folders or any subfolder under them. But when you install software, you should install to the recommended default which is normally under C:\Program Files.

    We suggested that you download to a download folder where you can identify files by folder and file names. This is so you always know what they are rather than trying to guess later. An example could be C:\Downloads, and under this download folder you can create sub-folders like AntiVirus, AntiSpyware, DiskCleaners, etc. And under each of these folders you can create sub-folders to further categorize. Like:

    C:\Downloads\AntiSpyware\AVG Antispyware
    C:\Downloads\AntiSpyware\Spybot

    and so on.

    C:\ is the Root folder of drive C (note that the colon is important; it is not C/). The only tool we asked you to DOWNLOAD to the root folder of your Windows boot drive was MGtools.exe.


    It means delete or cleanup, NOT restore. Most antivirus and antispyware programs create some kind of backup of what they remove. Some call it a quarantine, others call it a vault, and others may just call it a backup. We want them removed/deleted to avoid detecting them during the scans. It will only confuse things and make scans take longer.

    See if you can use CCleaner's Uninstall Tool under Tools (which you will see in the left column when you run CCleaner). Then find them in the Programs to Remove list, select each one, and click the Delete Entry button. Do this for the two you mentioned.
     
  3. stevieink

    stevieink Private E-2

    OK! First of all, thanks for replying! Went ahead and removed Kazaa and the other with CCleaner. That worked great, no problems. Then tried to run ComboFix and it went through the 38 or so stages, and when it goes to deleting files all my desktop icons disappear and I'm left with a desktop background and the autoscan window and a blinking cursor underneath (which is what my computer has been doing when logging off IE). Mouse still moves but not even Ctrl+Esc will work. Waited 20 min. Need I wait longer? Should I try to run the other 2 programs or do they need to run in order? Also am having these errors when booting up. Don't know if it matters but just so you know ALL the info: RUNDLL error loading C:\windows\system32\NvCpl.dll and C:\windows\system32\xvbuypck.dll - specified module could not be found. Also WJView error: could not execute main: the system cannot find the specified file. Thanks again!!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's what you will see while ComboFix is working. It terminates explorer.exe, which is your Windows shell and is the program that shows your Desktop and icons. Then a while later ComboFix will attempt to reboot your PC, which means Windows has to be shut down. If your PC has problems that cause shutdown not to work, ComboFix may never be able to complete its process. You obviously cannot run anything else with your PC in this state. What did you do? How are you connecting here now? Did you kill the power? You are now talking about boot time errors. Does that mean that you already pulled the power?
     
    Last edited: Dec 14, 2007
  5. stevieink

    stevieink Private E-2

    Just did it again when I finished reading your e-mail and hit the Home button to come to this website to reply. Just leaves me with a pic of my daughter (my background) and a working mouse with nothing to click. All icons are gone. So yes, I unplug it and reboot and hope it doesn't do that for good. (*I'm not sure if everyone's computer does this, but if I remember correctly my computer has ALWAYS had the icons disappear for a split second when logging out of IE, only to re-appear a split second later.*) Because my desktop icons ALWAYS disappear now for a split second only to return. Now, the icons return half the time, and if they don't return I'm forced to unplug. Seems to do it when closing a program. Almost like it's doing a "quick reboot". I don't know... I'm so computer illiterate. I'm sure my lack of knowledge is starting to frustrate you. OH, and it doesn't seem to have a problem shutting down that I know of when I use the correct shutdown method, but now half the time I have to unplug. One more thing... in ComboFix and when closing IE, it LEAVES the desktop background, it only takes the icons. They disappear but they don't come back. This help is priceless!!! THANKS
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't run ComboFix anymore. Also skip AVG Antispyware unless already finished with it. Move onto the step with MGtools and get me the log from it named C:\MGlogs.zip
     
  7. stevieink

    stevieink Private E-2

    OK, here is the MGlogs.zip file. Just so you know, while running, an error came up that said "Process DLL.exe - Application error - The application failed to initialize properly (0xc0000135). Click OK to terminate the application." Didn't click OK, just waited till it looked done and closed the window. The zip file was there so hopefully it took. If not, just let me know and I'll run again. Thanks!
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You only received this error because you are missing the Microsoft .NET Framework updates from Microsoft update.

    I'll take a quick look at your logs but I need to get to sleep real soon.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No wonder you are having so many problems!!! You are very badly infected.

    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to SymWMI Service
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste SymWSC into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: {81ec669c-3d59-faaa-53a4-8f39651b6110} - {0116b156-93f8-4a35-aaaf-95d3c966ce18} - C:\WINDOWS\system32\ftcnleeq.dll
    O2 - BHO: (no name) - {513CB345-A41E-47F0-8A24-3A237811BF4C} - (no file)
    O2 - BHO: (no name) - {A72F3AE9-61A0-4AE4-9D3D-BEACFF510931} - C:\WINDOWS\system32\mljjh.dll
    O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\rqrqolm.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\xvbuypck.dll",b
    O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [KAZAA] D:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O20 - Winlogon Notify: rqrqolm - C:\WINDOWS\SYSTEM32\rqrqolm.dll

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad and save it as fixme.reg to your desktop. Be sure the "Save as type" is set to "All Files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    After reboot, delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp\
    C:\Documents and Settings\STEVIE\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
  10. stevieink

    stevieink Private E-2

    Me too. dead tired. Just let me know tomorrow or when you check them out. Appreciate all the help. Until tomorrow......
     
  11. stevieink

    stevieink Private E-2

    First of all... when my computer booted there was NO waiting. It just booted. Much faster already, and come to think of it, NO popups on the way here. Just had a couple more questions. Are my folders still supposed to be showing hidden files or was I supposed to change that back before? The reason I ask is because in the steps you gave me, "after reboot delete all files in the below folders", a few files ending in .ill came up and said if deleted they could harm my computer. So needless to say I didn't delete them. Not gonna finish up till tomorrow anyway, so let me know when you get a chance. NO POPUPS!!! Unreal. Thank you so much for all your time. With skills like that, I'm sure it's valuable!!! I'll be sure to send you the logs when I finish up tomorrow. Thanks again.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to finish my previous instructions and attach the follow up logs that were requested so we can be sure that everything worked properly.
     
  13. stevieink

    stevieink Private E-2

    here ya go! just let me know. thanks!!
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you actually use WinMXDownloadWinMX3.exe?

    Some items did not get fixed. We need to try again. This time shutdown as much of McAfee as you can before doing the below.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {1D842DE0-D532-478D-8D1B-C5CE6C07B7AA} - C:\WINDOWS\system32\mljjh.dll (file missing)
    O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\rqrqolm.dll (file missing)
    O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
    O20 - Winlogon Notify: rqrqolm - rqrqolm.dll (file missing)

    After clicking Fix, exit HJT.


    Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    Now run Ccleaner!

    Now please download the current version of MGtools from here: MGtools.exe
    • Save it to c:\MGtools.exe
    • Double click on MGtools.exe to run it and create a new C:\MGlogs.zip file.
    • Attach the new MGlogs.zip file.
    • Also attach the new log from Avenger.
    Make sure you tell me how things are working now!
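
    The two HijackThis fix lists above (this post and the earlier one) were picked by eye from the log. The following is an added example, not code from MajorGeeks, HijackThis or chaslang, that parses lines in that O2/O4/O20 shape and reports why each one earns a tick: orphan hooks ("(no file)" / "(file missing)") that still have to be fixed, random-looking module names in system32, a Run value that loads a DLL through a one-letter export, Winlogon Notify packages outside the Windows XP default set, and the names of the unwanted programs removed in this thread. The sample lines, the Notify allowlist and the marker list are constructed assumptions; the rules are heuristics for review, never for automatic fixing, and chaslang also removed merely unnecessary startup items (the Java updater) that these rules do not flag.

```python
"""Triage HijackThis-style autostart lines (O2 BHO, O4 Run/Startup, O20 Winlogon Notify).

Added example for this thread; not MajorGeeks, HijackThis or chaslang's code. The rules
are assumptions modelled on the entries in the fix lists; they produce false positives.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's HJT output: the entries from the two
# fix lists plus two legitimate controls (the Java updater and the crypt32chain package).
SAMPLE_HJT = r"""
O2 - BHO: {81ec669c-3d59-faaa-53a4-8f39651b6110} - {0116b156-93f8-4a35-aaaf-95d3c966ce18} - C:\WINDOWS\system32\ftcnleeq.dll
O2 - BHO: (no name) - {513CB345-A41E-47F0-8A24-3A237811BF4C} - (no file)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\rqrqolm.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\xvbuypck.dll",b
O4 - HKLM\..\Run: [msbb] c:\program files\180solutions\msbb.exe
O4 - Global Startup: WinMXDownloadWinMX3.exe
O20 - Winlogon Notify: rqrqolm - C:\WINDOWS\SYSTEM32\rqrqolm.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
FILE_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)', re.I)

# Winlogon\Notify subkeys on a stock Windows XP SP2 install (assumption; extend it for
# installed security or graphics software before relying on it).
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Names of the unwanted programs removed in this thread (constructed list; a real
# triage would use a maintained adware/PUP list).
UNWANTED_MARKERS = ("180solutions", "altnet", "internet optimizer",
                    "websavingsfromebates", "kazaa", "winmx")
VOWELS = set("aeiou")


@dataclass
class Entry:
    kind: str    # "O2", "O4" or "O20"
    name: str    # BHO display name, Run value name or Notify subkey
    target: str  # DLL path, command line, "(no file)" or "... (file missing)"
    raw: str


def parse_line(line):
    """Return an Entry for a recognised O2/O4/O20 line, else None."""
    for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O20", O20_RE)):
        m = rx.match(line)
        if m:
            return Entry(kind, m.group("name") or "", m.group("target"), line)
    return None


def looks_random(stem):
    """Generated-looking module names such as rqrqolm or xvbuypck:
    5-8 lowercase letters with a vowel share of 30% or less (heuristic)."""
    if not (5 <= len(stem) <= 8) or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) <= 0.3


def reasons_for(e):
    """List why an entry deserves a tick in the HJT fix box (empty = leave it)."""
    reasons = []
    t = e.target
    if t == "(no file)" or t.endswith("(file missing)"):
        # The registry hook outlives the DLL; fix it or the loader keeps trying it.
        reasons.append("orphan hook, file already gone")
    m = FILE_RE.search(t)
    if m:
        path = m.group(0)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if re.search(r"\\windows\\system32\\", path, re.I) and looks_random(stem):
            reasons.append(f"random-looking module in system32: {stem}")
    if e.kind == "O4" and re.search(r'\.dll"?,[A-Za-z]$', t, re.I):
        # rundll32 "...\x.dll",b : a one-letter export is unusual for legitimate software.
        reasons.append("Run value loads a DLL through a one-letter export")
    if e.kind == "O20" and e.name.lower() not in XP_NOTIFY_DEFAULTS:
        reasons.append("Winlogon Notify package outside the XP default set")
    haystack = (e.name + " " + t).lower()
    reasons += [f"unwanted software: {mk}" for mk in UNWANTED_MARKERS if mk in haystack]
    return reasons


def triage(text):
    """Return [(Entry, reasons)] for every flagged line in an HJT-style log."""
    flagged = []
    for line in text.splitlines():
        e = parse_line(line.strip())
        if e is not None and reasons_for(e):
            flagged.append((e, reasons_for(e)))
    return flagged


if __name__ == "__main__":
    for e, why in triage(SAMPLE_HJT):
        print(e.raw)
        for r in why:
            print("   ->", r)
```

    Running it against the sample flags seven of the nine lines and leaves the Java updater and crypt32chain alone. The orphan lines are the ones to watch in a second pass like the one above: the DLL is gone but the BHO CLSID or Notify subkey is still registered, so the entry shows up again in the next log until it is fixed.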
     
  15. stevieink

    stevieink Private E-2

    No, I do not use WinMX. Now that I load in NORMAL mode it loads up, is in the system tray and I have to exit out of it when I boot. My computer used to load in selective startup. I don't know why. Probably because I went into startup and checked off boxes to load in startup, because it used to take FOREVER to boot.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then have HijackThis fix the startup entry where it loads:

    O4 - Global Startup: WinMXDownloadWinMX3.exe

    Also delete the file. It is probably here:

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinMXDownloadWinMX3.exe
     
  17. stevieink

    stevieink Private E-2

    Went ahead and tried to remove McAfee totally because it seemed to not let me disable it and it won't let me delete it. Was planning on deleting it anyway because your website says there are better ones and I was just going to download one of those, but couldn't get rid of it. Here are the logs. Did the best I could with disabling McAfee. Hope it was OK! Thanks.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.

    I still see McAfee. Did you remove it after getting the logs? Or are you saying you're having problems uninstalling McAfee? If you are having problems, see this: McAfee Consumer Product Removal Tool

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, the C:\ComboFix folder, the C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  19. stevieink

    stevieink Private E-2

    Just wanted to say thank you to chaslang for helping me with my malware problem. I just finished my final steps of "prevention". All together it cleared up 2 gig of space, I have no popups and my computer runs like I just bought it. Lightspeed it seems after all this. Thanks for all your time and to everyone who adds info to this website.

    STEVIEINK
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
