First computer out of three

Discussion in 'Malware Help (A Specialist Will Reply)' started by fix, Jan 18, 2009.

  1. fix

    fix Private E-2

    Here are the logs for a computer, the first of three, that I want to fix. This one is the most likely to be alright already. I got combofix and ran it after running the others, so if that's a problem, I'll rerun all of them.
     

    Attached Files:

  2. fix

    fix Private E-2

    combofix.txt
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!



    You are way out of date with your version of SUPERAntiSpyware.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
    If you are going to be fixing more PCs, make sure that you have the correct version as above.

    What program are you using to control startup processes and services? You have a load of things trapped in MSconfig registry keys. Are you using CCleaner? Whatever you are using you need to stop using it and get your PC into normal startup mode.

    You are also not running the correct version of MGtools. You are about 6 months out of date. Please download the correct program from the link given in the READ & RUN ME and run it again. Then attach a new log.

    I see a potentially bad driver in your ComboFix log. So you know what the below is? Does the file exist?
    S0 xuodqns;xuodqns;c:\windows\system32\drivers\aygr.sys --> c:\windows\system32\drivers\aygr.sys [?]
     
  4. fix

    fix Private E-2

    Alright, I'll reinstall and repost, but to answer your questions: Yes I've used CCleaner, but I didn't think I wasn't in normal startup because according to msconfig, it is a normal startup. And I don't know what that is, nor could I locate it.
     
  5. fix

    fix Private E-2

    Here they are, sorry for the double post
     

    Attached Files:

  6. fix

    fix Private E-2

    and the last
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just because MSconfig indicates you are in normal startup mode, it does not mean that you are not controlling startups with some other software, and that is what my question is about.

    My point is that you have things stuck disabled in MSconfig registry keys. You even have services for Avast antivirus disabled. What are you using to disable them? And stop doing this. If you are using CCleaner's ability to control startups, stop doing that. If you are using something else then stop using it. Then attach a new log from running MGtools.

    All of the below are trapped in MSconfig registry keys:
    I also still see things from Norton Antivirus trying to load but you do not have it installed anymore. Are you running anything else from Norton? I do see some Norton password manager. Do you use it?
     
    Last edited: Jan 21, 2009
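    Added example, not part of this thread or of any MajorGeeks tool: a read-only PowerShell audit of the two things chaslang flags in posts 3 and 7. The first part lists startup items and services that MSConfig has parked under its own registry keys (the "trapped in MSconfig registry keys" problem), the second lists boot-start driver services whose image file does not exist on disk, which is what a ComboFix line of the form `S0 name;name;path --> path [?]` is reporting. The MSConfig key layout (`HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg`, `startupfolder` and `services`, with `command`, `hkey` and `key` values under each startupreg item) is assumed to be the one Windows XP, Vista and 7 used; the function and variable names are mine. It changes nothing; run it from an elevated prompt.

```powershell
# Added example (not from the MajorGeeks thread). Read-only audit of:
#   1. Startup entries and services parked under MSConfig's "disabled" keys.
#   2. Boot-start (Start=0) driver services whose image file is missing
#      (ComboFix prints these as "S0 name;name;path --> path [?]").
# Assumption: the XP/Vista/7 MSConfig key layout below
#   HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\{startupreg,startupfolder,services}

$msconfigRoot = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'

function Get-MsConfigDisabledItems {
    # Each disabled startup item is a subkey holding the original command, hive and
    # key so that MSConfig can put it back; 'services' holds one value per service
    # named after the service, with the original Start type as its data.
    $result = @()
    foreach ($sub in 'startupreg', 'startupfolder') {
        $path = Join-Path $msconfigRoot $sub
        if (-not (Test-Path $path)) { continue }
        foreach ($item in Get-ChildItem -Path $path) {
            $props = Get-ItemProperty -Path $item.PSPath
            $result += [pscustomobject]@{
                Kind    = $sub
                Name    = $item.PSChildName
                Command = $props.command
                Where   = "$($props.hkey)\$($props.key)"
            }
        }
    }
    $svcPath = Join-Path $msconfigRoot 'services'
    if (Test-Path $svcPath) {
        $svc = Get-ItemProperty -Path $svcPath
        foreach ($p in $svc.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath etc.
            $result += [pscustomobject]@{
                Kind    = 'service'
                Name    = $p.Name
                Command = "original Start=$($p.Value)"
                Where   = 'HKLM\SYSTEM\CurrentControlSet\Services'
            }
        }
    }
    return $result
}

function Resolve-ImagePath([string]$imagePath) {
    # ImagePath values come in several shapes:
    #   \SystemRoot\system32\drivers\x.sys, system32\drivers\x.sys,
    #   \??\C:\dir\x.sys, or "C:\dir\x.exe" -args
    $p = $imagePath.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-BootDriversWithMissingFile {
    $services = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $services) {
        $props = Get-ItemProperty -Path $key.PSPath
        # Type 1 = kernel driver, 2 = file-system driver; Start 0 = loaded by the boot loader
        if (($props.Type -ne 1 -and $props.Type -ne 2) -or $props.Start -ne 0) { continue }
        # A boot driver with no ImagePath is loaded from system32\drivers\<service>.sys
        $image = if ($props.ImagePath) { $props.ImagePath }
                 else { "\SystemRoot\system32\drivers\$($key.PSChildName).sys" }
        $file = Resolve-ImagePath $image
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Service = $key.PSChildName; ImagePath = $image; Resolved = $file }
        }
    }
}

'== Items parked by MSConfig =='
Get-MsConfigDisabledItems | Format-Table -AutoSize
'== Boot-start drivers whose file is missing (ComboFix "S0 ... [?]" candidates) =='
Get-BootDriversWithMissingFile | Format-Table -AutoSize
```

    A boot-start driver service pointing at a file that no longer exists is exactly the pattern in the `xuodqns` / `aygr.sys` line above: a random-looking service name, a random-looking driver name, and a path the loader cannot find. Legitimate leftovers from a removed product do occur (the Norton entries in this thread are an example), so treat the second list as a set of things to look up, not a list of things to delete.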
  8. fix

    fix Private E-2

    I've only run the analyze and clear functions of CCleaner. The only other thing I may have used to control what automatically runs was services.msc, and that was quite a bit ago (maybe 2007). I'm not actively disabling anything. I don't have norton or avast anymore, so would it work to delete those entries in the Registry editor?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's take care of all these items from Norton and Avast and some other misc issues too.

    Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  10. fix

    fix Private E-2

    Everything ran, and I did get a success message for the fixme.reg merging with the registry.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  12. fix

    fix Private E-2

    Thank you, but I have one more request. The computer has been used since I had last posted scans, and I wanted to make sure nothing malevolent was downloaded. I ran SUPERAntiSpyware, then CCleaner, then Spybot, then Malwarebytes, and ComboFix and MGtools. The first scans all came up clean, but I figured I could have you look at the last two logs to make sure before I go through the final steps. Sorry for that, and I'll make sure all other online computer use is null until I do.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still clean. You need to complete my final instructions ASAP and get this PC properly protected before it is not clean!
     
  14. fix

    fix Private E-2

    Alright, for a while I had been all set, I got Online Armor, Avast, SpywareBlaster, and Comodo, I just hadn't posted here.
    I'm not sure if you deal with this kind of thing:
    Now I have a new self-created problem... I figured I'd try a once-through with ComboFix just to make sure everything was good and whatever... but I forgot to turn off Online Armor and such. So I got a message saying there was a trojan in some file that wasn't active, and asked if I wanted to delete the file, and I clicked OK, but after that I lost my internet connection and couldn't get it back, and my computer wouldn't start after I'd log in unless I pressed the power button. I deleted Online Armor, planning to reinstall it, because it no longer would boot. I started looking through things then, and I couldn't check or look up any programs for their non-virus-ness because I didn't have internet, and also tried to remove Avast, so I could reinstall it, but it said there was an error with that. I did remove Comodo though. But there was this program called ndetect.exe or ntdetect.exe something in C:. I wasn't sure if it was safe so I temporarily moved it to the recycle bin until I could get online to check what it was, however now my computer won't start because it says ndetect or ntdetect failed or something...

    So did I completely ruin my computer...or is there a way to fix this?
     
    Last edited: Feb 12, 2009
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    During the procedure for running ComboFix we had you install the Recovery Console. You will need to boot to it and then you will need to copy the ntdetect.com file back into your C drive's root folder. You will have to copy it from your Windows boot CD. Do you have your Windows SP2 boot CD, because you will need it to get the file back?

    • Reboot your PC and when you see the flash about the Recovery Console hit the up arrow once to choose the Recovery Console and then hit enter to run the Recovery Console.
    • When the Recovery Console comes up you need to choose your Window partition which is normally just 1 and hit enter.
    • You will then get a C:\Windows> prompt
    • Type cd C:\ and then hit enter and your prompt should change to C:\>
    • Put your Windows boot CD into the CD drive
    • In the below, I'm assuming your CD drive is drive D. If it is not drive D, you will have to use the appropriate drive letter (like E, F, G... etc.; the Recovery Console will warn you if the drive is not present). Now with your CD in your CD drive type the below command to copy the file from your CD back to your C drive root folder
      • copy D:\i386\ntdetect.com C:\
    • If you get any message about the file not being found then you are not using the correct drive letter for your CD drive or you did not put the Windows Boot CD into the CD drive.
    • Now type exit and hit enter
    • This will exit the Recovery Console and reboot your PC.
    • Allow it to boot back into Windows. Do you get past the error because ntdetect.com was missing?
     
  16. fix

    fix Private E-2

    If I do have it I have no idea where it currently is, I'm not home now so I can't check..would I have to download and use boot disks or whatever if this is the case?
     
  17. fix

    fix Private E-2

    Ugh, I'm pretty sure it was a .exe file that I deleted and not a .com, and I think I was just in C: and not in the Windows folder...which means it looks like another virus that upon moving to the recycle bin stopped my computer...

    Just letting you know that info to not leave anything out
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not say it was in the Windows folder. The ntdetect.com file belongs in the root folder. I'm explaining how to copy it back.

    If the file that you deleted was ndetect.exe, that would be malware but it would not cause your PC to become unbootable.

    If you cannot find your CD, you will have to borrow one or you will have to remove your hard disk from your PC and put it into another PC as a slave drive. Then you can either copy the file back out of the Recycle Bin and back into your root folder, or you can copy an ntdetect.com from the other PC, but the other PC needs to be running the exact same version and SP level that you were running.
     
  19. fix

    fix Private E-2

    I got ntdetect.com but now I still have no internet, and Windows won't load unless I press the power button for a second (not long enough for it to restart though).
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but I suggest that you post a very clear detailed description of your problems in the Software Forum as this is not a malware problem. Your logs were clean before you started doing things on your own that caused the issues you have now.
     
  21. fix

    fix Private E-2

    It was a Winsock error, I had someone who fixed it. However I then ran Ad-Aware and it said there was a worm (which it removed), so I ran the other scans hoping they are all clear.
    MGtools ran but at one point it displayed a line about not being able to run a specified program, and my clock still isn't back to normal time after ComboFix..
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are still clean but you need to get your PC properly protected.

    You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.
     
