possible malware problem. RRM logs

Welcome to Major Geeks!

Try doing the below. I prefer you do this in normal boot mode but you can try safe boot mode if you cannot run in normal boot mode.

First you must disable Spybot's Teatimer. See this: How to disable Spybot's TeaTimer

You should not be running Teatimer with Ad-Aware's Ad-Watch enabled and also you really should not use Ad-Watch with AVG8 installed which has its own antispyware built-in. Disable AVG8 and Ad-watch before trying to do the below!!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 3

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
O1 - Hosts: 94.232.248.66 www.antivirprotection.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Amanda Frehner\Local Settings\Temp

You were way out of date with your version of SUPERAntiSpyware.

• Please uninstall your current version (this is necessary).
• Then download this SUPERAntiSpyware
• Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
• After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
• Now run a new full scan of your system. And attach this new log.

Now also try to run Malwarebytes and click the Update tab. Then click the Check for Updates button so you update to the current version of the program and database. Then run a new scan with it too. Attach the new log.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

Then attach the below logs:

• C:\avenger.txt
• the logs from SUPERAntiSpyware and Malwarebytes if they ran.
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

System Restore has nothing to do with Compaq. System Restore is a Windows feature.

Now it sounds to me like you did not mean System Restore but rather meant a factory restore which returns a PC to the state it was shipped. This I cannot help you with. You could check in the Software Forum or on HP's website to find out how to do that.

A possible option, that may or may not work, would be to put this hard disk into another PC as a slave drive and run scans on it while in the other PC. Also you could then manuall delete the C:\WINDOWS\system32\twex.exe file I mentioned but it will not be on the C drive when slaved in the other PC. It will be whatever drive letter it gets as a slave drive.

 

You're welcome. Let us know what happens.