I ran the READ ME FIRST

Discussion in 'Malware Help (A Specialist Will Reply)' started by steplee, Apr 16, 2010.

  1. steplee

    steplee Private E-2

    At the beginning of MARCH, I ran all the READ & RUN ME FIRST items, but I didn't post anything here until now.

    Should I start over since it's been so many weeks?

    I attached the logs anyway, just in case.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, you will have to run all the scans again considering many updates have been made. Your version of SUPERantispyware is out of date and will need uninstalling before the most current version is installed. However, with Malware Bytes it's easier as all you have to do is update from the program itself to get the most current version.

    You neglected to include the C:\Mglogs.zip from running MGTools.exe so please ensure that you do indeed follow all steps in the correct order and not miss any.

    Some malware was removed with one of the scanners and you also have a couple of missing files, but according to your RootRepeal log, you could have an MBR infection, so without delay, you should complete the R&R again and attach all of the requested logs when done.
     
  3. steplee

    steplee Private E-2

    Re: I ran the READ & RUN ME FIRST

    I started over and went through all the R&RMF steps again.

    One thing I noticed this time is that msconfig.exe is missing, which may be one of the ones you mentioned. Did one of the scans see it as a virus and remove it?

    Other than that everything seemed to go smoothly.

    I'll see if I can get all the files attached this time ;)
     
  4. steplee

    steplee Private E-2

    Here's the MGlogs.zip file.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi.

    1. Please go to Add/Remove programs and uninstall the following software:
    • Java(TM) 6 Update 18

    2. Are you set up to use the following proxy?

    I suspect not, so if that's the case then please fix it with HJT.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    3. Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Folder::
    C:\Documents and Settings\HelpAssistant
    C:\Documents and Settings\HelpAssistant.SL600M
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    4. Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
    Close out all other open programs and windows.
    Double click the file to run it and follow any prompts.
    If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
    Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

    Make sure you leave a space between helpasst and -mbrt !
    When it completes, a log will open.
    Please post the contents of that log.


    • In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

    Now, please do the Start>Run>mbr -f command a second time.
    Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
    Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

    Make sure you leave a space between helpasst and -mbrt !
    When it completes, a log will open.
    Please post the contents of that log.

    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

    5. Now to try and deal with those missing files:

    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      beep.sys
      regsvc.dll
      msconfig.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    6. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Also note that sooner or later it would be wise to update to the most current version of AVG. Either that or switch to another antivirus. The version you are using is outdated. But let's deal with malware removal first.

    7. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the other logs that I requested from Mebroot and SystemLook.

    8. Let me know how the machine is behaving.
     
    Last edited: Apr 19, 2010
  6. steplee

    steplee Private E-2

    I believe I followed all your instructions, except after the restart in #4, I waited about 10 minutes, but the command box was still hung up on "Please Wait." So I went ahead and did the Start>Run (in a second command box) and got the log. Then AFTER that window closed, I realized the first window says "Be patient while removing HelpAssistant.SL600M." Then it said "Directory removed-- press any key." Did I mess up?

    The computer is acting better, and the browser redirects seem to have stopped.

    I've attached the three files you requested.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just a quick question, did you follow step 6 of the R&R?

     
  8. steplee

    steplee Private E-2

    I don't know what Disk Emulation Software is, but it's possible my daughter may have installed something. How do I know if I have it?
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then please run step 6 of the R&R just to make sure and then if anything is installed it will be disabled whilst we carry out the fix.

    Now I would like for you to try and replace a missing file:

    Running SFC Scannow


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Fcopy::
    C:\WINDOWS\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll
    C:\WINDOWS\ServicePackFiles\i386\msconfig.exe | C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
    
    Folder::
    C:\Documents and Settings\HelpAssistant
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
    Last edited: Apr 21, 2010
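The SystemLook `:filefind` step in post 5 and the ComboFix `Fcopy::` / `Folder::` script in post 9 above boil down to two checks: are the expected system files present and identical to the Service Pack backup copies, and are there HelpAssistant-style profile folders that should not be there. The script below is an added example, not code from this thread or from SystemLook, ComboFix or MGTools; it builds a throw-away directory tree that mimics the XP paths named in the posts (the `beep.sys` location under `System32\drivers` is an assumption, the thread never gives it) and runs both checks against it.

```python
"""Integrity triage for the files and folders discussed in this thread.

Added example, not code from the MajorGeeks thread or from SystemLook,
ComboFix or MGTools. It builds a throw-away directory tree that mimics the
Windows XP layout named in the posts, then (1) checks whether each expected
system file is present and byte-identical to its Service Pack backup copy
under ServicePackFiles\\i386, and (2) lists HelpAssistant-style profile
folders like the ones the ComboFix 'Folder::' script removed.
"""
import hashlib
import tempfile
from pathlib import Path

# Backup location used by the thread's Fcopy:: lines.
BACKUP_DIR = "WINDOWS/ServicePackFiles/i386"
# Live locations. regsvc.dll and msconfig.exe paths are taken from the
# Fcopy:: script; beep.sys under System32\drivers is the standard XP
# location (an assumption, the thread does not give its path).
EXPECTED = {
    "regsvc.dll": "WINDOWS/System32/regsvc.dll",
    "msconfig.exe": "WINDOWS/PCHealth/HelpCtr/Binaries/msconfig.exe",
    "beep.sys": "WINDOWS/System32/drivers/beep.sys",
}
PROFILES_DIR = "Documents and Settings"


def sha256_of(path):
    """Hash a file in chunks so large system files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_system_files(root, expected=EXPECTED):
    """Map each expected file name to ok / missing / modified / no-backup."""
    root = Path(root)
    results = {}
    for name, rel in expected.items():
        live = root / rel
        backup = root / BACKUP_DIR / name
        if not live.is_file():
            results[name] = "missing"        # SystemLook would report no match
        elif not backup.is_file():
            results[name] = "no-backup"      # nothing to Fcopy:: from
        elif sha256_of(live) != sha256_of(backup):
            results[name] = "modified"       # present but not the SP copy
        else:
            results[name] = "ok"
    return results


def suspicious_profiles(root):
    """Return HelpAssistant profile folders (plain or with a .MACHINE suffix)."""
    profiles = Path(root) / PROFILES_DIR
    hits = [p.name for p in profiles.iterdir()
            if p.is_dir() and p.name.split(".")[0].lower() == "helpassistant"]
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout: one intact file, one altered, one missing."""
    root = Path(root)
    backup = root / BACKUP_DIR
    backup.mkdir(parents=True)
    for name in EXPECTED:
        (backup / name).write_bytes(b"service pack copy of " + name.encode())
    live = root / EXPECTED["beep.sys"]
    live.parent.mkdir(parents=True)
    live.write_bytes(b"service pack copy of beep.sys")            # identical
    live = root / EXPECTED["regsvc.dll"]
    live.write_bytes(b"something else entirely")                  # altered
    (root / EXPECTED["msconfig.exe"]).parent.mkdir(parents=True)  # file absent
    profiles = root / PROFILES_DIR
    for name in ("Administrator", "All Users", "steplee",
                 "HelpAssistant", "HelpAssistant.SL600M"):
        (profiles / name).mkdir(parents=True)


def run_demo():
    """Build the sample tree in a temp directory and run both checks on it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {"files": check_system_files(tmp),
                "profiles": suspicious_profiles(tmp)}


if __name__ == "__main__":
    for section, value in run_demo().items():
        print(section, value)
```

On a real XP box you would point `check_system_files` and `suspicious_profiles` at `C:\` instead of the temporary tree; a `modified` result only says the live file differs from the Service Pack copy, which is the same information `Fcopy::` relies on when it overwrites the live file.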
  10. steplee

    steplee Private E-2

    Checking to see if I can post here from my phone.
     
  11. steplee

    steplee Private E-2

    SFC Scannow had problems running; it kept asking for the CD even though it was in the drive. Now the computer won't allow me to log on at all, not even in safe mode; it says, "A problem is preventing Windows from accurately checking the license for this computer. Error code 0x80070002." What do you suggest?
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    First a comment about you using sfc. It kept asking you for the disk for one of three reasons:

    • You did not read the message closely and it probably asked for a specific SP version and that may not be the disk you put in.
    • Or the disk is damaged.
    • Or you really did not put in a Windows bootable OS disk but rather some recovery disk supplied with the PC.

    Since you say you cannot log in now, your choices are somewhat limited.
    Will Last Known Good Configuration work?

    If the above does not work then the Recovery Console will likely be required to do the below

    How to recover from a corrupted registry that prevents Windows XP from starting



    Is this a Dell PC? If yes, you may want to also read this: http://support.microsoft.com/kb/310794
     