One messed up computer!!...

Work on the below while I look thru the rest of your logs!

Contrary to what was requested in the READ ME, you have two antivirus programs installed. You need to uninstall one now! Since you have a whole security suite installed (probably from your ISP which is Earthlink) it would be easier right now to just uninstall AVG 7.5

Now uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

 

After completing the instructions in message # 3, continue with the below.

Goto Add/Remove Programs and uninstall the below
CounterSpy <--- we are finished with this trial now
Deal Info

Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

1. Avenger
2. GetRunKey
3. ShowNew
4. HJT

Make sure you tell me how things are working now!

 

Just skip the reinstall of the new java for now and complete all other steps. Then come back to the java reinstall.

 

Your logs are clean! Are you having any malware problems?

Try running the below to cleanup possible bad installations issues with Java or any other program.

Windows Installer CleanUp Utility


Then try reinstalling Sun Java.

 

Are you logging into an account that has administrator priviledges? Double check in Control Panel, User Accounts to see how your account is described.

Also what happens if you boot into safe mode? Do all the same problems exist?
What happens if you use a differenet user account in normal mode (assuming you have another user account)?
What happens if you use the user account named Administrator in safe mode?


Also look into the IE7 add-ons (Internet Options -> Programs -> Manage add-ons) and tell me what you see.

 

Are you saying that file extensions are not recognize in normal boot mode? Like no .EXE files will run?
What about desktop icons ( .lnk files)? Can they be double clicked to run anything?

If you boot into safe mode and create a new user account (for test purposes) and make it an admin account, can this account be accessed in normal mode and do things run properly.

On the problem user account, log on in safe mode and get the below logs and attach them here:

• GetRunKey
• ShowNew
• HijackThis

 

I'm not sure what you mean! You seem to be having all kinds of problems. Most of which may not be malware.

Well I'm not sure what you meant but yes something is wrong if you cannot connect.

Not according to you newfiles.txt log.

What message and when are you getting it?

Please click Start, Run, and enter msconfig into the run box and click OK.
On the General tab of the System Configuration Utility choose Selective Startup.
Then Uncheck the boxes for Load System Services and Load Startup Items.
Then click Apply and OK.
Then reboot into Normal Mode.

Now tell me if any of the problems have changed. Do not try to connect to the internet though since this will not work with those items unchecked.

 

That is the direction I was headed in with the selective startup procedure. I was going to show you how things would work without it loading and then with it loading.

You did not get all of the Earthlink junk removed and now you have mutliple antivirus applications running.


Notice all the below in your HJT log which is from Earthlink

Also the below Earthlink items shows in your Uninstall Programs List and may be in Add/Remove programs. You should decide whether any of this junk is required just to get access.

Also you should uninstall the below left over from Symantec:
LiveUpdate 1.90 (Symantec Corporation)

 

You would use HijackThis just like we did previously but first you have to determine what you need from this Earthlink stuff. I doubt that very much of it is required but I cannot answer that since I have never used Earthlink. You definitely need to uninstall some of it since you now have Avast and Authentium (aka Command) Antivirus running. Also the below is considered adware:
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

Disabe System Restore and leave it disabled (just for now). Then run a scan with Avast. Does it still find things in System Restore.

 

It is part of the Earthlink/TotalAccess stuff. We will see if we can manually stop if later.

Is System Restore still disabled? Even if your answer is yes, the files/folders here are still system files/folders and they are also hidden which requires that you use special procedures to remove them if the restore points (RPs) do not go away when SR is disabled. You will have to give me a log from Avast that shows the problem restore points.

All of these are totally incorrect. The active scan one is even mentioned in the READ & RUN. The other 3 files are necessary Windows system files. Are you sure your copy of Avast is current and has all updates?

Attach a log from Spybot but the last 2 are not problems. They just mean you are not set to Windows system defaults and that is because you are using your own antivirus and firewall. I'm not sure what the first is.

Why are you using MSconfig? See the READ ME. If you don't need those items to ever load, uninstall them or permanently remove them.

Let's now remove Authentium AV.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to DvpApi
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pastedvpapi into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT and reboot when it tells you it needs to.

After reboot, delete the below folder:
C:\Program Files\Common Files\Command Software

 

Go back to Normal Startup mode with MSconfig and then use HijackThis to permanently remove the startups.

Download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
  [*]It will create a folder named HostsXpert in whatever folder you extract it to.
  [*]Run HostsXpert.exe by double clicking on it.
  [*]click the Make Writeable? button.
  [*]click Restore Microsoft's Hosts File and then click OK.
  [*]Click the X to exit the program

Now let's see if we can remove those restore points that did not go away.

• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now attach the log from Avenger

 

Note, we do not need Ccleaner logs.

You installed it, so if you don't need it uninstall it like I said in message # 23 when I said the below

The Avenger did not find any of those restore points so I would have to assume they were already gone. Is Avast still detecting problems? Before running a scan with Avast, empty any quarantines or backups it may have made.