Not sure what's causing problems!

Welcome to Major Geeks!

It works much better when you use the proper versions of the programs. You are EXTREMELY out of date with SUPERAntiSpyware, Malwarebytes and ComboFix. Uninstall ( you MUST uninstall) what you have and download what we asked you to install in the READ & RUN ME. Make sure you UPDATE SUPERAntispyware and Malwarebytes during the installation as requested. Attach new logs.

The log is right where the procedure said it would be. C:\MGlogs.zip It is not in the MGtools folder. You will have to run it again after doing all the new scans with correct versions of the programs.

 

Part of Authentium Antivirus. Ignore it.

 

The instructions in the READ & RUN ME for each of these tools give you manual download links for updating. I suggest that you use them.


You still need to attach the log from MGtools. It does not require any updates after installing and you still have not attached this log. Until you do, we cannot help you. As suggested earlier, you should run it again after properly updating and rescanning with the other tools. If for some reason, you still cannot manage to get SAS and MBAM updated, just attach the C:\MGlogs.zip file so that we can try to get started.

 

You have not been following instructions properly.

• You have multiple antivirus programs running (McAfee Security Center and Microsoft Security Essentials). The first instructions in the READ & RUN ME tell you that you must not do this. You must uninstall one of these now and then reboot immediately. And if you decided to uninstall McAfee then after reboot run this: McAfee Consumer Product Removal Tool
• You are using a 5 month out of date version of ComboFix and not what we asked you to download in the READ & RUN ME. Delete this copy. Do not run ComboFix again unless I request it.
• Also you have MGtools.exe on your Desktop and we specified that it needs to be save and run from the root folder of the Windows boot drive which is C:\MGtools.exe. Just delete the copy on your Desktop now.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Command On Demand for Command Software
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 11

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF15584.cfxxe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF15584.cfxxe /c C:\ComboFixCombobatch.bat
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab

Optionally you can fix the below unnecessary starups that are wasting system resources and slowing down startup.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TMembers\TrueWizard.exe

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

It is in Add/Remove Programs just like other programs that are installed including McAfee. All you had to do was uninstall Microsoft Security Essentials.

Sorry about that! I was still looking at your first log which showed ComboFix 09-10-20.03. I needed to recheck it to see what was found on the 1st run and forgot about the new log. The second log is from the newer version ( ComboFix 10-02-25.02 )

Okay then we may need to use ComboFix to make these changes.

Probably due to the same limitation on registry editing.

This will not fix everything since some steps are specifically related to the problem account and running them on another account fixes the other account not the problem user account.

What exactly were you trying to view.

Since you are running XP Pro, have you looked at Global Security Policies to make sure that changes have not been made to change permissions for this user account? Click Start, Run, and enter gpedit.msc and click OK. Look under the following areas:


Computer Configuration ->> Windows Settings --> Local Policies -->

• User Right Assignment
• Security Options

Also under Computer Configuration ->> Windows Settings --> Software Restriction Policies - to make sure no software restrictions have been instituted.

Then you should check User Configuration and in each of the areas under it (like Software Settings, Security Settings....etc) make sure you see Not Configured under everything ( that is unless someone created polices that they want here ).

I'll look thru your new logs now an create a new fix using ComboFix to try and overcome the issue with some locked registry keys. We will have to restore some items that ComboFix will incorrectly delete ( like C:\WINDOWS\system32\CLRVIDDC.DLL ) which I restore last time with Avenger.

Question: Who installed SpeedyPC and what was done with it? Did problems begin after using this?

 

Another set of questions:

1. Which account is the new account you created? Is it the one named Admin?
2. Which account is having problems? Is it the one named Compaq_Administrator?

 

I already removed some of it it one of the fixes since I did not trust it and most of these programs do not do anything that you yourself cannot easily do. Registry cleaning should be avoided. It is rarely necessary and when done, it should not be to juist blindly fix everything that pops up. So in reality, only under expert advice. Let's ignore it for now since I basically stopped it from running already.


First download combofix.exe and save it to your Desktop. It needs to be run (as show below) while logged into the problem account. Shutdown Microsoft Security Essentials before running the steps below.




Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).




Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Your problems may not be due to malware. You may have registry hive corruption. You can either try using System Restore to go back to an older restore point to see if it cures the issues or you may want to just use the new user account you created and delete the old one.

 

You're welcome.


Since you are not having other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!