Completed "READ AND RUN ME FIRST", but computer is still misbehaving!

Discussion in 'Malware Help (A Specialist Will Reply)' started by ds11com, Feb 1, 2008.

  1. ds11com

    ds11com Private E-2

    I was thrilled when I found MajorGeeks, because of all the excellent help you give. Thanks in advance.

    The problem I'm having is that there are random I.E. popups, the virtual memory is always low, and internet explorer is working poorly. And basically, I'm concerned I will lose my data.

I recently noticed that there are 2 links on my desktop that I never placed there. One is called "windows update" and the other one is "help and support center." Both are linked to the website storageprotector.com. Every time I delete them, they reappear, but now they are reappearing with no icon picture.

    I ran AVG Anti Virus Free Edition, before and after the "READ AND RUN ME FIRST" and both times I got the following errors:

    AVG Anti-virus Test Result:

    OBJECT:
    Partition table (MBR)
    Boot Sector of disk C:
    C:\Windows\system32\Kernel32.dll
    C:\Windows\system32\wsock32.dll
    C:\Windows\system32\user32.dll
    C:\Windows\system32\shell32.dll
    C:\Windows\system32\ntoskrnl.exe
    C:\Windows\system32\drivers\etc\hosts

    For all of the above, the result is a “reading error”

    OBJECT:
    C:\

    For the above object, the result was “cannot open; not checked!”

    While I was following the directions of "READ AND RUN ME FIRST" I ran into the following issues:
    -I couldn't complete the scan with Spybot, because I received multiple errors saying virtual memory was low. I then ran Spybot after AVG Anti-Spyware and received an error message saying SpyBot was changed and another message that said it had failed.
    -When I ran AVG Anti-Spyware, I changed the settings that were required during the scan, so the report generated may not be complete (?)

    To be honest, I don't know how this problem came to be. My family uses this computer, but I make sure that they go on legitimate websites. I'd greatly appreciate it if you could also tell me what the source may have been.

If you need ANYTHING else, I'll be checking back often. (By the way, I'm on a different computer I borrowed)

    Thank you greatly for your help!!
    -Dmitry

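The two desktop shortcuts described in the post above (names copied from Windows features, but pointing at storageprotector.com) can be spotted by reading the `.url` files themselves. This is an added example, not code from the thread or from MajorGeeks; the sample shortcut contents are constructed, and the allow-listed Microsoft domains are an assumption for the demonstration.

```python
import os
from urllib.parse import urlsplit

# Constructed sample .url files, modelled on the two shortcuts the poster describes.
SAMPLE_SHORTCUTS = {
    "Windows Update.url": "[InternetShortcut]\r\nURL=http://storageprotector.com/update\r\nIconIndex=0\r\n",
    "Help and Support Center.url": "[InternetShortcut]\r\nURL=http://www.storageprotector.com/\r\n",
    "MajorGeeks.url": "[InternetShortcut]\r\nURL=http://www.majorgeeks.com/\r\n",
}

# Shortcut names that the rogue installer in this thread borrowed from real Windows features.
SYSTEM_LOOKALIKE_NAMES = {"windows update", "help and support center"}
# Assumed allow-list: hosts a shortcut with one of those names would legitimately open.
MICROSOFT_HOSTS = ("microsoft.com", "windowsupdate.com")


def shortcut_url(content):
    """Return the URL= value of an [InternetShortcut] file body, or None if absent."""
    for line in content.splitlines():
        if line.lower().startswith("url="):
            return line[4:].strip()
    return None


def is_microsoft_host(host):
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_HOSTS)


def audit_shortcuts(shortcuts):
    """Map shortcut file name -> target host for every shortcut whose name mimics
    a Windows feature but whose URL points somewhere other than a Microsoft domain."""
    suspicious = {}
    for name, content in shortcuts.items():
        base = name[:-4] if name.lower().endswith(".url") else name
        url = shortcut_url(content)
        if url is None:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if base.lower() in SYSTEM_LOOKALIKE_NAMES and not is_microsoft_host(host):
            suspicious[name] = host
    return suspicious


def load_url_files(directory):
    """Read all *.url files in a folder (e.g. the Desktop) into the same dict shape."""
    found = {}
    for name in os.listdir(directory):
        if name.lower().endswith(".url"):
            with open(os.path.join(directory, name), encoding="utf-8", errors="replace") as fh:
                found[name] = fh.read()
    return found


if __name__ == "__main__":
    for name, host in audit_shortcuts(SAMPLE_SHORTCUTS).items():
        print(f"suspicious shortcut: {name} -> {host}")
```

Run `audit_shortcuts(load_url_files(desktop_path))` against a real Desktop folder; a shortcut that reappears after deletion points to whatever process is recreating it, which a full scan with the tools in the READ ME should find.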
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Normally not a malware issue. This would be a topic for the Software Forum but you can try the below first.

    When your system is low on virtual memory, allow Windows to automatically manage the virtual memory. In Windows XP, follow the below instructions:
    • Click Start, then open the Control Panel.
    • If you have your system set for Category View
      • then click Performance and Maintenance, and then double click System.
    • If you were in Classic View just double click System.
    • Now on the System Properties form, click the Advanced tab.
    • Under the Performance area, click Settings button.
    • On the Performance Options form, click the Advanced tab.
    • Under the Virtual memory area, click the Change button
    • Now on the Virtual Memory form under Drive [Volume Label], click the drive that contains the Paging File Size (virtual memory) settings that you need to change. In most cases, this will be your C drive. It will also normally be already selected by default.
• Click to select the System managed size option, then click the Set button.
    • Click OK three times and restart your computer.
    Normal results!


It is impossible to truly say how because there are many different ways to pick up these kinds of infections. However in most cases it is from accessing questionable sites or downloading things that should not be downloaded, or just being too click happy without reading what something says. It can also easily occur when a PC is not properly protected or is out of date with updates for all software. It is quite possible that your problem was no protection and no updates based on your logs.

MGtools did not run properly. Did you accept the license agreement that popped up for TrendMicro HijackThis as was instructed in the READ ME? It does not look like it since I do not see it installed in your registry. Go to C:\MGtools and double click on analyse.exe and when you get the pop up license agreement, make sure you accept it. After doing this, you can just exit HijackThis.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Administrator\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
  3. ds11com

    ds11com Private E-2

    Hi Chaslang!
    Thanks for the quick response.
    Here's my reply to what you requested:

    1) "allow Windows to automatically manage the virtual memory"
    I see how to change it, but should I do it right off the bat or wait until the "virtual memory low" window reappears? This just recently started happening, which I think is a result of the malware. It happened again today.

2) You wrote "normal results!" under my AVG Anti-virus Test Result. Is that normal because of this malware, since I figured any reading error is a bad sign?

3) You're right about no protection for my system. As soon as I clean everything out, I will immediately start protecting it. Do you suggest I follow the "How to Protect yourself from malware!" thread you wrote? I've lost 2 computers from Malware in the past, and I don't want to make any more mistakes! I'm willing to pay for the right software as long as it will be the best protection, so I was thinking about the Symantec AV and Firewall combo.

    4) I attached the Avenger Log and MGLogs.zip. When running GetLogs.bat, at the end, an error popped up called "ProcessDLL.exe - Application error" that said "The application failed to initialize properly (0xc0000135). Click OK to terminate the application."

    Once again, THANK YOU GREATLY for taking the time out of your day to help me with this!

    Dmitry

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

If you do not have it set to allow Windows to manage it for you then change it now.

No! It is normal to not be allowed to access these files because they are protected Windows system files.

    We will get to the How to protect yourself thread in a moment. But no I don't recommend that you use Symantec. In fact you even need to uninstall the below which Symantec never properly uninstalled:

    LiveUpdate 2.0 (Symantec Corporation)

    This error message is explained in the Using MGtools link given in the READ ME. You don't have the Microsoft .NET Framework software installed from Microsoft Update.


    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
• Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
    Last edited: Mar 9, 2008
  5. ds11com

    ds11com Private E-2

    Hi chaslang,
Everything seems normal when the computer starts, but the "virtual memory" issue is definitely new and worse. I lost a word document, because MS word just randomly disappeared, I'm assuming due to low memory. When I open task manager, "PF Usage" is almost at its highest. I've already changed it to allow Windows to manage.

    "No! It is normal to not be allowed to access these file because they are protected Windows system files."
    -Maybe I'm not getting this, but I ran AVG Anti-Virus, and the test took about 45 seconds to run. It's probably because, for the object C:\, it says "cannot open, not checked." I'm not understanding how this could be normal?

    "In fact you even need to uninstall the below which Symantec never properly uninstalled: LiveUpdate 2.0 (Symantec Corporation)"
    -If it's not in Add/Remove programs, how would I uninstall Symantec?

"This error message is explained in the Using MGtools link given in the READ ME. You don't have the Microsoft .NET Framework software installed from Microsoft Update."
    -Do you suggest I install MS .NET?

    Also, I still can't run Spybot, because of the low memory.
After it closed on its own, I tried to re-open Spybot and couldn't. I get an error message, and it tells me Spybot has changed since the last time I used it, and I should check for malware.

    One quick general question, is it possible to start from scratch on the computer, if I don't have the original Windows XP CD for my computer (I'll obviously copy all documents beforehand to a cd).

Thank you chaslang!!!!! This has been a huge headache, but I'm so happy there are others who know what to do!
    -Dmitry
     
    Last edited: Feb 5, 2008
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please make proper use of quote boxes like I'm doing below.

    Post your problems and questions about Virtual Memory in the Software Forum.

    All you previously said was the below could not be accessed:

    Try this: Norton Removal Tool (SymNRT)

    You should or you will have problems running any applications that require .NET and each day many more are being written.

Uninstall Spybot and wait until you get your Virtual Memory issues resolved before trying it again. But note that this is more than likely not malware. It is often caused by having multiple protection programs locking your hosts file. However it could also be due to the fact that you are running Spybot - Search & Destroy 1.4 which is not what we asked you to install in the READ & RUN ME. Uninstall the old version which did also have a bug that caused this problem to occur. There was an update that fixed this problem in 1.4 though.

If you do not have a Windows XP CD, how do you plan on reinstalling? Do you have a Recovery Partition or a Recovery CD from your PC manufacturer?
     
  7. ds11com

    ds11com Private E-2

    Done!
    Thanks again for all your help. For virtual memory, I'll post on the software forum. But when I clear this up, do you think I'll be able to do a virus scan with AVG Anti-Virus; I checked today and it still says "Cannot open, not checked" when accessing the C drive, which essentially means I can't scan. Maybe reinstall AVG?

    Best,
    Dmitry
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Virtual Memory has nothing to do with AVG not being able to scan the C drive. Are you sure it cannot scan the C drive? Previously it did start scanning because you gave me the below output which means it was scanning. It just could not access certain files which is normal.
    Try scanning again and if you have problems, don't translate the messages into your own words. Give us the exact log of what AVG is saying.

However in answer to your question, yes you could try uninstalling, rebooting, and reinstalling AVG.
     
  9. ds11com

    ds11com Private E-2

    Hi Chaslang,
After I completed everything you mentioned, everything was returning back to normal up until the following issues occurred: (keep in mind, I've only been using this computer recently to check email)
-Internet Explorer doesn't load. It only loads after I've clicked on it a few times. But each click shows a running process in task manager.
-When I insert a USB Driver, I can see it's being read, but it doesn't appear in My Computer.
-The Computer is giving problems when shutting down. I get a bunch of "end program now" requests.

I went back to "READ AND RUN ME FIRST" and through each step, up until I reached the installation and execution of COMBOFIX. When I pasted ""%userprofile%\desktop\combofix.exe" /killall" and ComboFix loads, my computer automatically restarts. I tried twice and it keeps shutting down and restarting.
    I also ran VundoFix just in case and nothing came up.

    Thanks again Chaslang
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

It has been a month since you last posted here. Even in a 2 week time frame it is necessary to start the READ & RUN ME process all over again since so much can happen. Your current problems (at least some of them) may not have anything to do with malware but the only real way to know is if you run all steps and attach all new logs. Make sure you follow the current version of the READ ME and download tools again since you would be out of date if you use the ones you previously downloaded. We no longer use AVG Antispyware. Make sure you run SUPERAntispyware before trying ComboFix. You can try running ComboFix in safe mode and if it does not work, just skip it and continue.
     