Administrator Account password Origin UNKNOWN

Discussion in 'Malware Help (A Specialist Will Reply)' started by safyrmwn, Sep 15, 2008.

  1. safyrmwn

    safyrmwn Private E-2

    Greetings!
    This computer has been disconnected from any networks since Feb. of this year, due to too many kids going too many places online without
    concern for virus or spyware protection. So when I started finding viruses I pulled the cable and disabled the network hardware.

    The kids are all gone & I'm ready to try to get this machine in shape again to connect to the internet.
    Before I reconnect and enable the hardware, I want to be sure it doesn't jeopardize the rest of home network computers.

    The issues are the same before and after following the "READ & RUN Me First" Instructions. They are:

    - The Administrator Account (Goddess) has a password of unknown origin.

    Windows Explorer:

    - Search mode <OPEN CONTAINING FOLDER> does nothing

    - Shortcut properties <FIND TARGET> does nothing

    - Folders View - When a folder has a + beside it & click on + it opens the Folders to view in the tree (left side) and the right side,
    BUT when folder icon is clicked it only shows the folders on the right side and the + disappears from the tree without showing the subfolders?

    ADD & REMOVE Programs

    - While trying to install NetFramework - error reason: INDOWS\System32\Advpack.dll

    - All Windows Updates disappeared.
    (have since added Service Pack 3, hoping that would solve this problem)

    - RN_Object (w/no other information) was listed in installed programs - nothing happened when click to remove - computer search for RN_Object has no matches.

    - When uninstalling, msinstaller sometimes had error 1316: A network error occurred while attempting to read from the file...

    - msinstaller service will not start manually when needed - have to go to <SERVICES> click <START> & then it will work

    Prefetch

    - ~S~.exe - would show up randomly in prefetch (Looked suspicious?)

    Other than that the computer runs fine!

    Attached please find the requested logs Except for SAS - could not get it to run?

    Any/all help with this matter is greatly appreciated.
    Thank you for your time & knowledge.

    Anxiously awaiting next instructions, Thank You, Safyr
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    First let's just be up front and say that many of your issues are probably not malware related and that you really may be better off just reinstalling this PC from scratch rather than spending a lot of time trying to fix any malware problems along with fixing all the Windows Operating System issues that may exist.

    You say this has been disconnected since Feb and that the kids have been off of it but then who is responsible for all the below:
    Code:
    2008-09-12 11:22 --------- d-----w C:\Program Files\Chameleon Gems
    2008-09-12 11:20 --------- d-----w C:\Program Files\Ultra Fractal 4
    2008-09-12 11:20 --------- d-----w C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
    2008-09-12 11:19 --------- d-----w C:\Program Files\Total Video Converter
    2008-09-12 11:15 --------- d-----w C:\Program Files\Photo Collage Creator
    2008-09-12 11:15 --------- d-----w C:\Program Files\Nufsoft
    2008-09-12 11:14 --------- d-----w C:\Program Files\Mystery Solitaire - Secret Island
    2008-09-12 11:14 --------- d-----w C:\Program Files\Mysteries Of Horus
    2008-09-12 11:13 --------- d-----w C:\Program Files\Magic Tea
    2008-09-12 11:12 --------- d-----w C:\Program Files\Jewel Quest Solitaire II
    2008-09-12 11:11 --------- d-----w C:\Program Files\Hidden Wonders Of The Depths
    2008-09-12 11:10 --------- d-----w C:\Program Files\CHM2Word
    2008-09-12 11:09 --------- d-----w C:\Program Files\CHM To PDF Converter PRO
    2008-09-12 11:09 --------- d-----w C:\Program Files\Aztec Ball
    2008-09-12 11:08 --------- d-----w C:\Program Files\Ancient Tripeaks II
    2008-09-12 08:33 --------- d-----w C:\Documents and Settings\mstihkal333\Application Data\Boomzap
    2008-09-10 21:51 --------- d-----w C:\Program Files\Digital Expressions
    2008-09-10 04:48 --------- d-----w C:\Program Files\XnView
    2008-09-06 23:46 --------- d-----w C:\Program Files\Stones Of Khufu
    2008-09-06 23:46 --------- d-----w C:\Program Files\Spheres 2000 Pro
    2008-09-06 23:46 --------- d-----w C:\Program Files\Mahjong Towers II
    2008-09-06 23:46 --------- d-----w C:\Program Files\Harmony Assistant
    2008-09-06 23:46 --------- d-----w C:\Program Files\Haiku Journey
    2008-09-06 23:46 --------- d-----w C:\Program Files\Framing Studio
    2008-09-06 23:46 --------- d-----w C:\Program Files\FolderSize
    2008-09-06 23:45 --------- d-----w C:\Program Files\WhatsRunning
    2008-09-06 23:45 --------- d-----w C:\Program Files\SolSuite
    2008-09-06 23:45 --------- d-----w C:\Program Files\Media Player Classic
    2008-09-06 23:45 --------- d-----w C:\Program Files\JetAudio
    2008-09-05 20:11 --------- d-----w C:\Program Files\RegScrubXP
    2008-08-22 01:33 --------- d-----w C:\Program Files\Big Kahuna Words
    2008-08-13 21:02 --------- d-----w C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
    2008-08-02 06:25 --------- d-----w C:\Program Files\KoolMoves
    2008-07-21 02:57 --------- d-----w C:\Documents and Settings\mstihkal333\Application Data\SolSuite
    2008-07-19 23:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
    2008-07-19 20:59 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-07-19 20:59 --------- d-----w C:\Program Files\Avanquest update
    
    This cannot be fixed by malware removal. You will need to use an NT Password Reset tool like this: http://home.eunet.no/pnordahl/ntpasswd/

    All probably registry issues.

    Not malware.

    Not malware. This is RNmail's ReadNotify IE Add-on

    Not malware.

    Not sure what this is. Is it still showing up after running the cleaning procedures?

    You have SUPERAntiSpyware disabled with AutoRuns. It cannot run if you do this. Please stop using AutoRuns. Can SUPERAntiSpyware be run now after running the other steps? If not, explain exactly what happens.

    You have Avast installed but it does not show up as running. Are you filtering things with HijackThis or are you using any tools like AutoRuns, RegRun, etc. to block things from running? If so, you need to stop doing this now. Just like with MSconfig, we need to see everything.

    You also appear to have been running or have loaded too many antispyware programs. Some may be uninstalled but the uninstall was incomplete, like CounterSpy and Spy Sweeper.

    Before trying to clean up any remnants you have remaining you will need to uninstall WinPatrol as it will just get in the way of clean up. Also you should uninstall Spyware Guard because it is too old and out of date to be useful anymore. You should also uninstall the outdated version of Spyware Blaster you have installed and when we finish malware removal, you can update to the proper version.

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
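    An added example, not from this thread or from any of the tools it mentions: a small Python script that parses a ComboFix-style directory listing like the one quoted above and reports every entry created after the date the machine was supposedly taken offline (the poster's February 2008 claim). The sample lines are a constructed subset of that listing.

    ```python
    """Flag directories created after the date a machine was supposedly offline."""
    import re
    from datetime import date, datetime

    # Constructed sample in the "YYYY-MM-DD HH:MM <size> <attrs> <path>" layout
    # used by the listing quoted above (dashes in the size column mean a directory).
    SAMPLE_LISTING = """\
    2008-09-12 11:22 --------- d-----w C:\\Program Files\\Chameleon Gems
    2008-07-19 20:59 --------- d-----w C:\\Program Files\\Motorola Phone Tools
    2008-01-30 09:15 --------- d-----w C:\\Program Files\\Older App
    """

    LINE_RE = re.compile(
        r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"   # timestamp
        r"(?P<size>\S+)\s+"                             # byte size, or dashes for a dir
        r"(?P<attrs>[d-][-a-z]{6})\s+"                  # attribute flags, e.g. d-----w
        r"(?P<path>.+?)\s*$"                            # everything after is the path
    )


    def parse_listing(text):
        """Return (datetime, attrs, path) tuples; lines that don't match are skipped."""
        entries = []
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if not m:
                continue
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M")
            entries.append((ts, m.group("attrs"), m.group("path")))
        return entries


    def newer_than(entries, cutoff):
        """Entries dated after `cutoff` (a date), newest first."""
        hits = [e for e in entries if e[0].date() > cutoff]
        return sorted(hits, key=lambda e: e[0], reverse=True)


    def flag_after(text, cutoff_iso):
        """Convenience wrapper: paths in `text` created after ISO date `cutoff_iso`."""
        cutoff = date.fromisoformat(cutoff_iso)
        return [path for _, _, path in newer_than(parse_listing(text), cutoff)]


    if __name__ == "__main__":
        # Machine claimed offline since Feb 2008, so anything after Feb 29 is suspect.
        for ts, attrs, path in newer_than(parse_listing(SAMPLE_LISTING), date(2008, 2, 29)):
            print(f"{ts:%Y-%m-%d %H:%M}  {attrs}  {path}")
    ```

    Anything it lists was written while the machine was claimed to be offline, which is exactly the inconsistency the reply above is asking about.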
     
  3. safyrmwn

    safyrmwn Private E-2

    Wow, I am amazed at your quick response! Thank you so much!

    I hope I've understood and followed your instructions correctly?
    uninstalled:
    - WinPatrol
    - Spyware Guard
    - Spyware Blaster

    Then combofix with CFscript.txt

    fixme.reg (successful)

    Ccleaner

    while trying to run GetLogs.bat this happened:

    HijackThis error details:
    An unexpected error has occurred at procedure:modRegistry_IniGetString (sFile=system.ini, Ssection=boot, sValue=Shell)
    Error #5 - Invalid procedure call or argument

    Other than that everything seemed to run well.

    attached please find the logs: ComboFix.txt and MGlogs.zip

    I am currently running a SAS scan & it seems to be running fine also.
    Thank you so much for your help!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Attach the log if it ran.

    You did not respond to all of my question in my last message. Please do so now.
     
  5. safyrmwn

    safyrmwn Private E-2

    Please forgive me! I did not realize I had not answered all of your questions.
    I'm not sure if these are the answers you were looking for, but starting from the top, here goes:

    I have not tried to do anything to the administrator account.

    The Windows Folders issue seems to be cleared up and working fine.

    <Open Containing Folder> and <Find Target> still do nothing.

    - NetFramework as well as Service Pack 3 are installed without error.

    - who is responsible for all of the below?
    these are programs I tried uninstalling before running other scans

    - ~S~.exe is no longer showing in prefetch

    - SAS ran fine, I have attached the log.

    - I don't remember AutoRuns and do not know where to stop running it from (not in Add/Remove Programs).

    - Avast is installed, but I have it disabled since it hasn't been updated since Feb.
    I also was concerned it may interfere with running the other scans. (was I wrong about this?)
    I was going to uninstall Avast & download the newest version before I tried to reconnect to the network.

    - I did have other antispyware programs installed at various times (not all at once) & tried uninstalling them.
    I have no experience with, and do not know how to clean up the incomplete uninstalls.

    I hope that answers all your questions?


    Thank You for your time.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If all of these items are uninstalled now then delete the left over unnecessary folders.

    AutoRuns is a program from SysInternals which is now part of Microsoft. It does not appear in Add/Remove Programs as it does not need an installation. It is just directly run from wherever you save it to.

    How are you disabling it? I don't see any of the processes running or loading other than the services. Perhaps it would be best if you just uninstall it now and then download and install the current version from here: Avast! Home Edition


    Your logs are clean. Remaining issues appear to be related to registry settings for Explorer which you would be better off discussing in the Software Forum. But the below registry patch may or may not help with the Open Containing Folder issue.


    Copy the bold text below to Notepad. Save it as dirshell.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    A reboot may be needed afterwards to see any effect.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
    Last edited: Sep 17, 2008
  7. safyrmwn

    safyrmwn Private E-2

    :) I went through and deleted all the left over unnecessary folders from all the programs I uninstalled. (a much cleaner system, thank you!)

    * Searched for and removed AutoRuns

    - Uninstalled old version of Avast AntiVirus from system and downloaded and installed the current version from your suggested link.

    - Uninstalled ComboFix and deleted its folder logs

    - Uninstalled HijackThis

    - Deleted C:\MGtools folder, C:\MGtools.exe file. and C:\MGlogs.zip

    - Deleted registry patches


    * Disabled System Restore to flush Restore Points then rebooted and enabled System Restore and created a clean Restore Point.


    + Service Pack 3 is installed with Windows Updates set to automatic.

    + Avast's newest home version is the one and only Anti Virus and I have it set to automatic updates

    + Zone Alarm is the only Firewall (Windows firewall is disabled)

    + CCleaner remains as Temp File/Cookies/index.dat cleaner

    + SpyBot-Search & Destroy (without TeaTimer) for Immunizing and for SDHelper tool

    + SpyWare Blaster is installed with the Latest Protection Updates, All Protection Enabled.

    + SUPERAntiSpyware and Malwarebytes Anti-Malware remain as scan/removal tools only.

    + Mozilla Firefox is the default Browser.

    Unfortunately the (dirshell.reg) registry patch (patched successfully) did not help with the Open Containing Folder issue.
    Guess I'll head over to the Software Forum and pursue the issue there.

    I will do my best to prevent "the darkside of the web experience" from ever happening again by thoroughly following your "How to Protect yourself from malware!" post .

    Thank you so much for your guidance, time and shared knowledge.
    What a wonderful world it could be if there were more positive oriented people as yourself.

    Thank you for all your help.

    May you find happiness in all your days.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Note that you are still missing realtime antispyware protection as suggested in the How to protect yourself link.
     
