After Removing Spyware Fix etc. Problems

You're welcome. Okay that looks better as far as the infected partition goes. It is gone now.

Now we just need to figure out what is stopping the BFE service from running which in turn disable firewall capabilities.

I'm looking through your most recent logs to see I find anything else wrong. This BFE issue is troubling right now and is happening to many user's coming here with infections now. It is a plague with no easy fix. At least not yet.

 

Okay your registry entries are missing for the BFE and MpsSvc services.

Now run the C:\MGtools\FixWFW.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). This will run very fast.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

​

 

That did not work. The registry keys did not get imported. They may be locked.

With Windows Explorer, navigate to the C:\MGtools\fixW7BFE.reg file and right click on it and select Merge. Allow it to be added to the registry. Does this seem to work or do you get an error message?

 

This is not the file I asked you to merge in.

 

Okay so it said it worked. Then let's see.

Now run the C:\MGtools\GetNetInf.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below log which should get updated:

• C:\MGlogs.zip

 

Okay that added in part of what we wanted. Now do the below. Be careful of the filenames!!!!!

With Windows Explorer, navigate to the C:\MGtools\fixW7FW.reg file and right click on it and select Merge. Allow it to be added to the registry. Does this seem to work or do you get an error message?


With Windows Explorer, navigate to the C:\MGtools\fixW7FWdrv.reg file and right click on it and select Merge. Allow it to be added to the registry. Does this seem to work or do you get an error message?


If the above worked without any errors, run the C:\MGtools\GetNetInf.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below log which should get updated:

• C:\MGlogs.zip

 

Yes they did now we have more to add.

Download the below file and save it to your Desktop

fixlegacy.reg

Then double click on it and allow it to be added to your registry. I'm betting there may be error messages this time! If you received an error, stop here and tell me.

If no error messages occured, then reboot your PC.


After reboot, download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

I expected that. Hangon a few minutes. I working on something to help.

 

I want you to download and save the below to your Desktop

• reglite.exe

Then double click on it to install the RegistrarLite program.

Now run the RegistrarLite Program and copy and paste the below into the address bar line and hit enter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

It will look like the below

http://forums.majorgeeks.com/attachment.php?attachmentid=170228&thumb=1&d=1323728408

• Then click on Security on the top menu and select Take Ownership
• Then click on Security on the top menu and select Edit Permissions
• On the next form, in the Group or user names: section, make sure Everyone is selected. Then in the bottom pane where it says Permissions for Everyone, put a check in the Full Control box and make sure it changes. It should look like the below when done correctly

http://forums.majorgeeks.com/attachment.php?attachmentid=170229&thumb=1&d=1323728408

Now repeat the same to Take Ownership and Edit Permissions after pasting the below into the address bar and hit enter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE

http://forums.majorgeeks.com/attachment.php?attachmentid=170230&thumb=1&d=1323728408

Let me know if you are able to get the above completed.

 

Sorry if that was not clear. After pasting in the address, you have to either hit enter or click the green go button so that it navigates to the line in the registry. Sort of like using your bowser. When you enter a URL, you have to hit enter or go.

 

Make sure you copy and paste in the line to avoid typing mistakes. You must paste in EXACTLY the below

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

then hit enter. The snapshot I gave you shows how it should look. It should come up in the left window pane with the Root folder selected and expanded.

Your other choice is to manually naviagte to the folder yourself and once you have the Root folder properly selected, it will show the full path in the address bar too.

If this does not work, it could be that Registrar Lite is not compatible with Win 7

 

What are you running????? This is not what I asked you to install. The link I gave you is to Registrar Lite version 2.0 not Registry Manager 7.00. I don't know what you are running.

And we double checked. Registrar Lite 2.0 work on Win 7. It may not be 100% compatible but it works well enough to follow the directions I gave. The only thing that may be missing is the "Everyone" user account since some people do not have this by default.

 

We tried it on Win 7 x64 and it ran, but the compter obviously did not have the infection you have. Whether that is the problem or not I don't know.

Would you like to try a remote access program named TeamViewer? Perhaps I can get in and see what is going on

 

No. I'll be at work still. I just happened to be home today. I don't get home until 9 pm or so my time ( about 6 pm your time ). So we would have to wait until then or later.

 

PHP:

Okay. I'm hoping to try this with another person now so we can find out what is going on with this infection.

 

Just finished up TeamViewer with another person.

You need to download and install the below

TeamViewer

Select personal account because that is free for non-businesses. Once you get it setup. PM me your TeamViewer ID and Password and I'll try to connect to you.

Keep checking messages here until we get connected.