Could you check my reports

Discussion in 'Malware Help (A Specialist Will Reply)' started by jcrubio2001, Jun 8, 2008.

  1. jcrubio2001

    jcrubio2001 Private E-2

    Hello! Could you please check my 3 reports (I couldn't run the 4th). Something happened after doing all the steps: my hosts file became empty with only this line "127.0.0.1 localhost", the rest was gone, and also Avast antivirus didn't show when I start up the PC, but I put all that back again. Thanks for the help.
    MGtools says that it is not compatible with my version of Windows (Vista).
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why are you running the READ & RUN ME to begin with? What malware problems were you having? You don't appear to have any.

    You can rerun Spybot and Immunize to create a large hosts file blocking thousands of bad sites if that is what you are looking for.

    MGtools works just fine with Vista. That is why it is in the Vista Cleaning procedure. It only will not work with 64-bit versions of Windows, but you do not have a 64-bit version because ComboFix would not have run.
     
  3. jcrubio2001

    jcrubio2001 Private E-2


    Hello!
    Thanks for helping me. :)
    I'm mostly worried about having some kind of rootkit or trojan. I have several unknown processes with 0 like this one. Example:

    =================================================================
    Unknown 0 TCP 50801 192.168.1.100 80 http 208.46.174.73 208-46-174-73.dia.static.qwest.net Time Wait N/A 2008-06-08 13:50
    =================================================================
    I had the hosts file updated with thousands of bad sites, but yesterday all of them got erased, leaving only one line "127.0.0.1 localhost". I don't know why the whole list suddenly vanished.
    Also I have been using Homer to put a little picture every time a site gets blocked. Now I can't use it; it shows an error message "Something is already listening to port 127.0.0.1". I already confirmed with funktoad.com (Homer's creator) that there is not a hidden copy already running, using CurrPorts.

    I couldn't run MGtools; maybe a trojan or rootkit is not allowing me to use it. I really don't know. I am sending you the picture with the message that says that my OS version is unsupported by MGtools.
     

  4. jcrubio2001

    jcrubio2001 Private E-2

    I couldn't edit my last post, but today explorer.exe got replaced by Explorer.exe.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is not a process. It is a TCP/IP connection which is more than likely just to your ISP.

    Because the cleaning procedures take a shortcut of not checking tens of thousands of lines in a hosts file for validity. It is easier just to delete them. As I said in my last message, you can add them back in with Spybot's Immunize feature.

    Not malware. You may have other protection software conflicting with Homer.

    I'm not sure why this is occurring since Vista is supported. It may be something related to how your version info is presented. What do you get when you enter the ver command at a command prompt?

    That's the same file. Capital letters make no difference.
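    The hosts-file point above (thousands of Immunize entries versus a single localhost line) as an added example, not code from the thread or from any tool it mentions: a small audit that separates blocklist entries, which map a name to 127.0.0.1 or 0.0.0.0, from lines that merit a closer look, such as a name redirected to a routable address, localhost pointed away from loopback, or an update domain of a protection product pointed at loopback. The sample file, the `.test` names and the protected-domain list are constructed for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample hosts file: the default lines, two Immunize-style blocklist
# entries, and two constructed entries of the kind a defender would want flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.example-badsite.test
0.0.0.0   ads.example-tracker.test
# constructed lines below show what a hijacked hosts file looks like
198.51.100.7  www.example-bank.test
127.0.0.1     update.example-antivirus.test
"""

# Addresses that blackhole a name rather than redirect it.
LOOPBACK_OR_NULL = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Assumed list: blocking these suffixes removes protection instead of adding it.
PROTECTED_SUFFIXES = ("example-antivirus.test",)


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) per non-comment line; ip is None if malformed."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            yield lineno, None, parts            # report, do not crash
            continue
        yield lineno, ip, parts[1:]


def audit_hosts(text):
    """Return (findings, counts): findings are (lineno, verdict, detail) tuples."""
    findings = []
    has_localhost = False
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            lname = name.lower()
            if lname == "localhost":
                if ip.is_loopback:
                    has_localhost = True
                    findings.append((lineno, "ok", "localhost -> loopback"))
                else:
                    findings.append((lineno, "hijack", f"localhost -> {ip}"))
            elif lname.endswith(PROTECTED_SUFFIXES):
                findings.append((lineno, "blocks-protection", f"{name} -> {ip}"))
            elif ip in LOOPBACK_OR_NULL:
                findings.append((lineno, "blocklist", f"{name} -> {ip}"))
            else:
                findings.append((lineno, "redirect", f"{name} -> {ip}"))
    if not has_localhost:
        findings.append((0, "missing-localhost", "no localhost -> loopback entry"))
    return findings, Counter(verdict for _, verdict, _ in findings)
```

A file that Spybot's Immunize filled will show only "ok" and "blocklist" verdicts; anything else is worth reading line by line before deciding whether to keep it.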
     
  6. jcrubio2001

    jcrubio2001 Private E-2

    Hi :) Thanks for the info about the hosts file.
    I ran the ver command and it showed this: 6.0.6001

    About explorer being replaced by Explorer: Spybot Search & Destroy showed a window with that message. I thought it was kind of unusual to show a replacement of this kind.

    I would like to run that program (MGtools); I can't, but I don't know why.
    And the other thing about Homer being unable to work because something else is listening on the port 127.0.0.1 also got me thinking.
    I can't figure out what other program or antispyware is doing it.
    Thanks
     
  7. jcrubio2001

    jcrubio2001 Private E-2

    Hello, I downloaded Security Task Manager and found out the same "homer" program was active and hidden, but in the end I had to move the folder somewhere else to make it work.
    I am assuming I don't have to worry about spyware, malware, etc. Thanks for all your help and patience.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I need to know everything that is returned on the line. For example a US based version of Windows Vista would say

    Microsoft Windows [Version 6.0.6000] or Microsoft Windows [Version 6.0.6001]

    depending on which Service Pack is installed. If yours does not use the English word Version, then that would be a problem.

    I doubt it was changed. Perhaps you recently did a Windows Update. Right click on the C:\windows\explorer.exe file and select Properties and then select the Version tab and take a look at all the info under the Version tab.

    It may be due to how the version information line is being returned.


    It could be Spybot or any other protection software that is locking your hosts file.
     
  9. jcrubio2001

    jcrubio2001 Private E-2

    Hello again, the computer is running fine I think. Regarding the version, it is the Spanish version, and the message says: Microsoft Windows [Versión 6.0.6001]
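    The failure discussed above, an OS check that anchors on the English label "Version" and so rejects a Spanish "Versión" line, as an added example that is not code from MGtools or ShowNew.bat: `naive_check` mimics a label-dependent match, while `parse_ver` and `robust_check` read the dotted number regardless of the localized label. The sample `ver` lines (two are quoted in the thread) and the support table are constructed for the illustration.

```python
import re

# Constructed sample outputs of the Windows "ver" command. The English Vista lines
# and the Spanish one are the forms quoted in the thread; the XP line is assumed.
SAMPLES = {
    "en_vista_sp1": "Microsoft Windows [Version 6.0.6001]",
    "en_vista_rtm": "Microsoft Windows [Version 6.0.6000]",
    "es_vista_sp1": "Microsoft Windows [Versión 6.0.6001]",
    "en_xp_sp2":    "Microsoft Windows XP [Version 5.1.2600]",
    "garbage":      "command not found",
}

# Assumed support table for this illustration: (major, minor) -> product name.
SUPPORTED = {(5, 1): "Windows XP", (6, 0): "Windows Vista"}


def naive_check(ver_line):
    """Fragile check: requires the English word 'Version' before the number,
    the way a batch file doing a literal string match would. Returns the
    product name, or None when the line is treated as unsupported."""
    m = re.search(r"\[Version (\d+)\.(\d+)\.\d+\]", ver_line)
    if not m:
        return None
    return SUPPORTED.get((int(m.group(1)), int(m.group(2))))


def parse_ver(ver_line):
    """Locale-independent parse: skip whatever label precedes the number inside
    the brackets and return (major, minor, build). Raises ValueError if absent."""
    m = re.search(r"\[[^\]\d]*(\d+)\.(\d+)\.(\d+)\]", ver_line)
    if not m:
        raise ValueError(f"no version number in {ver_line!r}")
    return tuple(int(g) for g in m.groups())


def robust_check(ver_line):
    """Same support decision as naive_check, but driven by the parsed number."""
    try:
        major, minor, _build = parse_ver(ver_line)
    except ValueError:
        return None
    return SUPPORTED.get((major, minor))


def compare(samples=SAMPLES):
    """Return {name: (naive_result, robust_result)} to show where the checks diverge."""
    return {name: (naive_check(line), robust_check(line)) for name, line in samples.items()}
```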
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good! :)

    If you would not mind, I would like you to try out the new version below to see if it is able to get around this

    MGtools.exe

    If it runs then attach the C:\MGlogs.zip file. If it does not run, tell me what exactly happens.
     
  11. jcrubio2001

    jcrubio2001 Private E-2

    Hello, thanks for all the help.
    I was able to open the program :)
    I have attached the log file. Just in case: I ran the program but I didn't deactivate any antivirus, firewall or TeaTimer. Please let me know if that was OK; otherwise I'll run it again.
    Thanks!
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is okay just for the scans. I see 2 quick issues.

    1. Your Avast Antivirus program is not installed/running properly.
    2. One of the tools in the scan did not run. This tool is named ShowNew.bat. Please go to the C:\MGtools folder and find the ShowNew.bat and double click on it and tell me what you see in the command prompt window that comes up. Do you get any error messages?
     
  13. jcrubio2001

    jcrubio2001 Private E-2

    Hi,
    When I ran it by itself it says "Your OS Version is Unsupported by ShowNew"

    Could you please help me with the Avast issue, I am not sure what is not running....
    Thanks
    jc

    By the way, I just remembered that the day before yesterday, a program (either the firewall or Spybot, not sure which one) told me that the binaries for Svchost and Avast changed, so I decided to download a new version of Avast and reinstalled, and I did nothing for Svchost. Before, when I got updates for the Avast program, not for the virus database, I got a message telling me that a new version of the program is ready to be installed, but this time it didn't say anything.
    lol, I think I am getting paranoid.

    Later, or the next day, I ran the new MGtools, and Netstat wanted access to the internet but I didn't allow it.
     
    Last edited: Jun 16, 2008
  14. jcrubio2001

    jcrubio2001 Private E-2

    I am sorry, don't pay attention to the previous post, I couldn't finish editing it, so I reposted. Thanks.
    ==========================================
    Hi,
    When I ran it by itself it says "Your OS Version is Unsupported by ShowNew"

    Could you please help me with the Avast issue, I am not sure what is not running....
    Thanks
    jc

    By the way, I just remembered that the day before yesterday, a program (either the firewall or Spybot, not sure which one) told me that the binaries for Svchost and Avast changed. Before, when I got updates for Avast, not for the virus database, I got a message telling me that a new version of the program is ready to be installed, but this time it didn't say anything, so I decided to download a new version of Avast and reinstalled, and I did nothing for Svchost.
    lol, I think I am getting paranoid.

    Later, or the next day, I ran the new MGtools, and Netstat wanted access to the internet but I didn't allow it.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do the below in the order written.

    Download a new copy of Avast from this link: Avast! Home Edition Don't run it yet!! Just download it.

    Now uninstall your current copy of Avast!
    Now reboot (do not skip the reboot)
    Now install from the new copy just downloaded above.

    Most likely not a problem.

    This is normal and you can allow netstat to have access to your network. GetRunKey.bat is running netstat to create a log of your connections to look for potential problems.

    Please download this View attachment NewSN.zip into the C:\MGtools folder. Then extract the ShowNew.bat file from the ZIP file into the C:\MGtools folder thus overwriting your previous copy. Then try running this new ShowNew.bat file by double clicking on it. Let me know if this one works.
     
  16. jcrubio2001

    jcrubio2001 Private E-2

    Hello again :)
    I ran the program you gave me, shownew.bat, and I got a txt file, and this screen that doesn't close, but I think it did what it was supposed to do.
    Thanks for all the help.
    jc
     

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! It worked properly now. Thanks for working with me on this. This will help others in the future who have non-English versions of Windows Vista.

    When run this way, the command prompt window will not close until you close the notepad window that pops up showing the newfiles.txt log.

    Now let's finish up a few things and make sure Avast was installed properly.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

    Now reboot your PC.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Windows\TEMP
    C:\Users\jc\AppData\Local\Temp

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below log:
    • C:\MGlogs.zip
    How is everything working for you now?
     
  18. jcrubio2001

    jcrubio2001 Private E-2

    Hello :)
    I apologize for not writing back sooner.
    The computer seems to run very well.
    I have attached the zip file.
    I followed the steps to reinstall Avast, hopefully it is better now.
    Thanks!
     

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it is not running properly and neither are many other things because you are using MSconfig to control startups. In step 1 of the READ & RUN ME we specified that you must not do this but you still are.
     
  20. jcrubio2001

    jcrubio2001 Private E-2

    I am sorry, I didn't pay attention. I will go read them again and try to follow, and post the log file.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After you put your system into Normal Startup mode, you should reboot and then run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the new C:\MGlogs.zip file.
     
  22. jcrubio2001

    jcrubio2001 Private E-2

    I think I was running my system in custom startup mode because I didn't want some Windows processes to run, but if I'm not mistaken I can't deactivate them in Services instead. Right?

    Today something weird happened: Avast found different trojans (or the same one) inside this folder
    C:\Users\jc\AppData\Local\Temp\a2temp

    The weird thing is that this folder is recreated after I erased it, and a different file inside that folder is created.
     

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You really should read the links in the READ & RUN ME sticky thread. This one explained all this to you: Dealing with Startup Processes You should not use MSconfig like this at all. It can cause major problems, especially if you disable the wrong service.

    You are wasting your time. This folder is used by A-squared. Avast is incorrect. Either uninstall A-squared or ignore detections at this location in the future.

    You have been running Spybot's Teatimer all of this time and it may be causing problems getting things to uninstall/install properly. You need to disable Teatimer as requested in the READ & RUN ME and then reboot. See this: How to disable Spybot's TeaTimer

    Now that MSconfig is no longer being used and now that Teatimer is disabled, you need to reinstall Avast again. It still is not running properly. This may be a permanent result of what you were doing with MSconfig. The services for Avast are not showing up which means Avast can easily be terminated by malware and some of Avast's features may not work.


    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  24. jcrubio2001

    jcrubio2001 Private E-2

    Hi! Thanks for the help and patience.
    With TeaTimer off and the normal startup thing, I uninstalled, restarted, reinstalled, restarted Avast.

    And here is the report :)

    By the way, when this is over, how often do you recommend running, for example, CCleaner or others? Is there a link that gives advice on how to give the PC a regular cleaning?

    I also did the fixme.reg, and it was successful.
    Thanks for the info about A-squared as well.
     

  25. jcrubio2001

    jcrubio2001 Private E-2

    I am so happy, I just noticed something else. I had a big problem with my DVD unit: it was showing as a CD-ROM all the time, and had some problems reading certain data DVDs. Thanks thanks thanks!!!!! :) Now I open my PC, and there it is, a beautiful "DVD unit" name.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure that you are uninstalling and reinstalling Avast properly? What version are you installing? Did you use the link I gave you?

    Have you been deleting any entries seen in your HijackThis log on your own? Are you filtering any lines with HijackThis? Are you using some other program to control startups? You only show the below for Avast in your HijackThis log's process list:

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    Nothing else for Avast is showing. You should be seeing all of the below.

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     
  27. jcrubio2001

    jcrubio2001 Private E-2

    I am sorry, I forgot I moved some to the ignore list. I deleted them from the ignore list and this is the report. Avast version 4.8.
     

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, that's better. Everything looks fine now.

    For future reference, you should now see that you don't want to use the ignore list when posting in forums for help. ;) We spent a bunch of time trying to fix a problem when there wasn't any.


    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\cf" /u
        • Notes: The space between the cf" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    9. Go to add/remove programs and uninstall HijackThis.
    10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    11. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    12. After doing the above, you should work thru the below link:
     
  29. jcrubio2001

    jcrubio2001 Private E-2

    Thank you for everything Chaslang! My PC works great now!!!!! (Actually even better, because the cleaning procedure fixed my DVD units as well.)
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  31. jcrubio2001

    jcrubio2001 Private E-2

    Hi Chaslang ( :major ), I am not sure if this is related, but I can't see the icons in some folders, or thumbnails for jpg. I have to go to View and click on big thumbnails, and then they show, and then I click again in View on large thumbnails, and then they show. (Also some jpg thumbnails are like very low res.)

    I was thinking maybe it's because I couldn't do the ComboFix uninstall. ComboFix is renamed as cf, and I copy-pasted what you wrote to me, but I don't think it did anything; ComboFix seemed to run but it didn't say anything else, and it is still on the desktop.
    Thanks
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This does not sound like it is related. Are you sure that this is not somehow related to viewing of hidden files and folders, which ComboFix will disable when it is uninstalled?

    ComboFix should not run! It should just uninstall and the Desktop icon should be removed as the file is deleted. Also temporary files for it and backups will be removed.
     
