Error messages when i start my pc

Firstly hello to everyone at MajorGeeks!, I've just registered here and I dont know too much about computers so any advice will be appreciated.

I've been having a couple of problems with spyware and trojans over the last couple of days. I stupidly installed derbiz.com by accident through msn and ended up with a load of rubbish on my pc. I have however managed to get rid of most of it (I hope!) using AVG, Spybot, Ad-aware, Mcafee, TDS-3 (all up to date) and going into safe mode to remove some offending items.
The problem im having now is when I turn my pc on. When it loads to the windows screen I get an error message saying windows could not load 'C:\Program'. I click ok and then it says Could not load or run 'C:\Program' and tells me i have to search for the file or delete the refrence to it in the registry. Again I click ok and get another error message saying windows could not load 'Files\WAFFLEz\mlg.exe' I click ok and get another error message saying could not load or run 'Files\WAFFLEz\mlg.exe'.

These messages started happening just after I downloaded the derbiz.com file from msn and i deleted some trojan/contaminated files that Mcafee alerted me to at the time. Have I deleted something I shoudnt have?. My pc seems to be running fine now but im a bit worried its still got something installed on it that shouldnt be there. I ran AVG today and it found nothing. Spybot found a couple of cookies and two registry files which I deleted and TDS-3 found a file called 'adware 180 solutions' (or very similar I cant remember exactly).

If anyone can give me some advice on how to get rid of the error messages that would be great. Thanks

 

http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Here is my hijack this log file.
If it helps and just to let you know, I also went through all the steps in the "basic spyware, trojan and virus removal" thread although I was unable to go online in safe mode to run the Trend Micros virus scan and Symantec security check (I had to do these two checks in normal mode).
Thanks for you help.

 

Please download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program.

Please look in Add or Remove Programs for the following and Uninstall them if found:

WAFFLEz

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.


O4 - HKLM\..\Run: [MSN Messages] msnmessag.exe
O4 - HKLM\..\RunServices: [MSN Messages] msnmessag.exe
O4 - HKCU\..\RunServices: [MSN Messages] msnmessag.exe

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\WAFFLEz ←–– Delete this whole folder if it exist!

msnmessag.exe ←–– Search for this file and delete when found!

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

I ran through all the steps you asked me to but im still getting the error messages when i start up.
Windows was also unable to find msnmessag.exe anywhere but I think i might have deleted this file earlier when i first started having problems. Apart from the error messages when i start up my pc seems to be running fine.
I've attached my new Hijack This log for you below. Thanks again for your help

 

I also notice your running McAfee & AVG, this is not recommended as running two antivirus programs will cause conflicts on your computer. Pick one and uninstall the other.

Now scan with HijackThis and Check the Boxes for the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

F3 - REG:win.ini: load=C:\Program Files\WAFFLEz\mlg1.exe

Make sure All Browser Windows are Closed when you Click FIX.

NOW:
In Hijack This, Open the misc. tools section and select Generate StartupListLog and attach this log to your next post.

 

I uninstalled McAfee and then followed the steps you suggested which seem to have sorted the start up error messages. I have attached my Hijack This startup list log below. Thanks for your advise, its been great help!.

 

Attach one last HJT log from normal mode.

 

Here is my latest Hijack this log file. Everything ok now?

 

Your log is clean!

Are you having any further problems?

 

Excellent! . Everything seems to be running fine now. Thank you very much for all your help!!

 

Your Welcome!

You should see this article on How to Protect yourself from malware!