start up probs after malware

We need to see logs in order to help you. You need to complete the procedures even if from safe mode and then attach the logs.

 

No it will not matter. Anything that you run into an issue with while in safe mode should just be written down so you can explain it to us later, but you need to keep moving on thru ALL steps. The final step is attaching the logs if still having problems.

 

Re: Malware/Adware

I merged you back to your original thread. Please remember to stay in one thread for your current malware problems.

You need to go back to the READ & RUN ME and disable Spybot's Teatimer as requested. This must be done before continuing or it will get in the way of the below fix.

Then please delete this:
C:\Documents and Settings\virusErasers\MGtools.exe

That is not where the READ & RUN ME specified to download MGtools to. You must be careful and follow instructions exactly as written.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {5AD44A00-1238-4895-BAC4-C7DEE76D1F83} - C:\WINDOWS\system32\awtqQiiI.dll (file missing)
O21 - SSODL: SrvAvp - {83ab93a2-f43e-407c-9a61-0c5bb741b6db} - C:\WINDOWS\Resources\SrvAvp.dll (file missing)

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You need to go into the C:\MGtools folder. It is on your C drive because it was created when you first ran MGtools.exe and the C:\MGtools folder is in your logs. You are not looking properly. If you open up your C drive with Windows Explorer among all the entries on your C drive you should see:

• C:\MGtools <--- which is the folder created when you ran MGtools.exe
• C:\MGtools.exe <-- which is where we requested you download the file to but you did not do this as I stated in message # 7. You put it here: C:\Documents and Settings\virusErasers\MGtools.exe Thus you will not have C:\MGtools.exe unless you have redownloaded and saved it properly but that is not necessary since it once it is run the first time, you don't need MGtools.exe anymore.
• C:\MGlogs.zip <-- which is the log file created from running MGtools.exe or when you run GetLogs.bat

Thus make sure you are looking at FOLDERS when looking for the MGtools folder.

 

You're welcome. Your logs are clean.

If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
4. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

How did you stop it from running? Undo whatever you did. Otherwise I suggest that you reinstall it now.

Then you don't have one to worry about.

Yes you did. See my fix in msg # 7 where you made the fixme.reg patch and in msg # 10 where you said it worked. Also your logs showed it was on your Desktop.

I'm not sure what steps you are referring to. It sounds like you are referring to the READ & RUN ME and my final instructions did not ask you to run the READ ME again nor did they say to run CCleaner.

 

It was written by me not Major Attitude. He posted the original thread. You will notice that my name is on the procedure.

Yes the instructions I'm referring to are part of your cleaning procedure for Windows XP. It stated the below (quoted from theWindows XP Cleaning Procedure ):

 

The free Malwarebytes is only an after the fact scanner so there is no clash.

Yes these will slow things down somewhat. Especially on a PC like yours that is low on the amount of installed RAM. Uninstall A-Squared and see if things improve. If not, uninstall Online Armor and try a different firewall.