PC_Antispyware 2010

Discussion in 'Malware Help (A Specialist Will Reply)' started by PoolBoy, Aug 24, 2009.

  1. PoolBoy

    PoolBoy Private E-2

    Hello,

    Operating system Win XP Pro / SP3

    I have been infected with this terrible program as well as others I am sure.

    It has hijacked the browser which now does re-directs on searches.

    Also RUNDLL Error Loading tapi.info

    I ran SuperAntiSpyware and it found some items and said it needed to reboot. Upon reboot the program would not run again saying I did not have access permission. I tried to uninstall/reinstall SAS but I get the following error message; "Windows Installer has insufficient privileges to modify SuperAntiSpyware.exe"

    Malwarebytes installed and updated itself but when running it only runs for a few seconds and then goes away. When trying to restart it says can not find path, program, etc.

    ComboFix runs but hangs after getting to "deleting folders" (let run 1 hour)

    RootRepeal starts and says "Initializing, please wait..." and never progresses (let run 1 hour)

    All the above have been tried in "Safe Mode" with similar results.
     

    Attached Files:

  2. PoolBoy

    PoolBoy Private E-2

    Additional information;

    Can not go to System Restore to delete restore points. The System Restore tab is missing when right clicking on My Computer.

    When trying to go through the Windows Menu to System Restore the following message appears; "System Restore has been turned off by group policy"
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do this:

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 6

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    * Run avenger.exe by double-clicking on it.
    * -Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner to clean out only temp files and nothing else!

    Now see if you can run the other scans....attach the logs that you can produce.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!

    I strongly advise you to cleanup your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.
     
  4. PoolBoy

    PoolBoy Private E-2

    Trying to remove J2SE Runtime Environment via Add/Remove gave the following error message; Error applying transforms. Verify that the specified transform paths are valid.

    Reg-edit was successfully entered into registry.

    Avenger was successful.

    None of the other scans would run. Same results as before with the exception of Root Repeal. Came back after running it to a blue screen of death saying something to the effect of windows being stopped (the entire text was not visible on the display).

    I turned off the computer and turned back on. Started to come back up but to a white background with a blue triangle with an exclamation point, and a brief text message asking if I had changed my background and I think it said because my background has been changed to a web page or something like that.

    Then it came up to my background picture and just stopped. I rebooted into safe mode and it allowed me to click on my name (user) and then it went to a black screen that says safe mode in corner. Nothing else on screen. I am able to ctrl, alt, del and bring up task manager.

    I have rebooted and it just comes up to my desktop photo. There is nothing else. I am using task manager to open up programs and to run MGTools.

    Please help. This is worse than ever!
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Use task manager to start Avenger.exe.

    Once it opens...
    * -Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    See if you can now boot normally.
     
  6. PoolBoy

    PoolBoy Private E-2

    Did not work.

    Avenger reported that it executed script and then it rebooted the computer.

    The computer came up to just my desktop background only (no icons) just as before.

    I ran again MGTools in case something has changed.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try doing this while I check your logs.

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
     
  8. PoolBoy

    PoolBoy Private E-2

    It reported success but no change after re-boot.
     
    Last edited: Aug 31, 2009
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Run avenger.exe by double-clicking on it.
    * -Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * C:\Avenger.txt
    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  10. PoolBoy

    PoolBoy Private E-2

    Avenger ran successfully.

    ComboFix did not run after reboot.

    Desktop remains the same (no icons).
     

    Attached Files:

  11. PoolBoy

    PoolBoy Private E-2

    I have manually started ComboFix. It found a newer version and has updated itself. It is currently scanning. I will report back when it has completed.

    If it successfully completes and creates a log file I will run MGTools again.

    Based on the previous attempts of running ComboFix I do not hold out much hope on a successful run.
     
  12. PoolBoy

    PoolBoy Private E-2

    ComboFix got to the same point in the past where it would hang or stop, "Deleting Folders". I left the room and heard the computer reboot. The computer came back up to the desktop photo only (no icons).

    I ran GetLogs.bat and the zip file is attached.

    There is no file C:\ComboFix.txt to attach so obviously ComboFix did not finish completely.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Open Task Manager and click File, New Task (Run...) and enter cmd into the box and click OK. This should open a command prompt window if it works properly. Copy and paste the below into the command prompt window. (You right click in the command prompt window to be able to select Paste).

    copy C:\WINDOWS\ServicePackFiles\i386\explorer.exe c:\windows\explorer.exe

    If the above command states the file was copied, now try to run explorer.exe and see if your Desktop appears.
     
  14. PoolBoy

    PoolBoy Private E-2

    That worked. The Desktop is back albeit now has a warning pasted over the background picture saying "danger! Your computer is infected ..........

    Immediately upon typing explorer.exe in the DOS window another DOS window opened up and ComboFix finished running and created a log.

    I then ran MGTools again and created a new log file for that.
     

    Attached Files:

  15. PoolBoy

    PoolBoy Private E-2

    Ok so I crossed my fingers and did a reboot and my desktop was still there. I can also report that I am no longer receiving the RUNDLL ERROR: Tapi.nfo message anymore.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Much better...now use windows explorer to find and delete:
    c:\windows\system32\onhelp.htm

    Now download the latest version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one. Run the Exe file and attach the new MGLogs.zip
     
  17. PoolBoy

    PoolBoy Private E-2

    That took a while. Damn redirector would not let me get to the new MGTools page.
     

    Attached Files:

  18. PoolBoy

    PoolBoy Private E-2

    So with the little success that was made today I decided to start back at square one and see what would run and what would not.

    SuperAntiSpyware - Can not install. Getting 1321 error where I do not have permission to modify superantispyware.exe

    Malwarebytes - Installed and ran successfully

    ComboFix - Ran successfully

    Root Repeal - Starts and says "Initializing, please wait..." at the 1/2 hour mark windows said virtual memory getting low, at the 1 hour mark - nothing. Windows task manager reported program not running. Root Repeal ended by me.

    MGTools - Successful
     

    Attached Files:

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do this and see if that finishes it.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  20. PoolBoy

    PoolBoy Private E-2

    RegEdit reported success.

    How things are running;

    About 30% of my desk top icons are wrong or different. Several are generic Microsoft; Norton, SAS, Desktop Manager (BlackBerry), Quick Time, HP, Virtual Earth.

    All icons now have their text in a blue rectangle window versus being over the desk top photo.

    All Adobe Acrobat icons are now a small logo on a white back ground when before they were just a large logo.

    All Microsoft Office programs are missing from any menu including those that were anchored in my windows start menu (MS Office Pro 2003).

    Microsoft Word always has the following error now upon opening and closing; MICROSOFT VISUAL BASIC-The macros in this project are disabled. See on line help ......

    I tried to Detect and Repair MS Word, including restore start menu items. It asked for the install disk saying it needed a file. I put the install disk in and then it says it can not find MAINSP3.MSP which is the service pack 3 file I believe. When I go to Microsoft and try to download/install MAINSP3.MSP it says it is already installed. So I have no way to fix or repair Office.
     

    Attached Files:

  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may need to right click each icon / properties / find target. If it does not take you to the exe file, then you will need to delete it, go to the program exe file and right click and send to desktop.

    First lets do this:
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\explorer.exe|C:\WINDOWS\SYSTEM32\explorer.exe
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now go to C:\MGTools\analyse.exe and double click it. Attach the log if it runs.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  22. PoolBoy

    PoolBoy Private E-2

    Dragged the created CFscript.txt across to ComboFix. ComboFix ran and updated itself and restarted. After scan or item #50 ComboFix did nothing. After 35 minutes I closed it and rebooted the computer.

    Analyse.exe - Windows can not access the specified device, path, or file. You may not have the appropriate permissions to run the item.

    GetLogs.bat - Zip file attached

    -----------------------------------------

    **New Symptom** Automatic Windows updates can not install. It appears that there is something affecting Windows Installer. It can not find the appropriate install file.
     

    Attached Files:

  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. Any additional issues you are having need to be addressed in the software forums.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  24. PoolBoy

    PoolBoy Private E-2

    So all of the problems with SAS, ComboFix, RootRepeal not running/installing are not a result of Malware and can not be corrected?

    The Windows Installer not being able to install programs as a result of this attack will be addressed in this other forum?
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member



    Try the below:
    • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
    C:\win32kdiag.exe -f -r


    Now we need to scan the system with this special tool.
    • Please download Junction.zip and save it to your root folder (C:\Junction.zip)
    • Unzip it and put junction.exe in the root folder (C:\junction.exe)
    • Now click Start => Run... => Copy and paste the following command in the run box and click OK:
      cmd /c junction -s c:\ >C:\log.txt
    • A command prompt window opens and also a license agreement from SysInternals will appear.
    • Accept the license agreement and the scan will begin.
    • Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes).
    • NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.
     
    Last edited: Sep 19, 2009
  26. PoolBoy

    PoolBoy Private E-2

    The Win32kDiag ran and created a log.

    Junction was not successful. The DOS window briefly flashes. I confirmed that Junction.exe is in c:\ and not in c:\Junction
     

    Attached Files:

  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay Win32kDiag fixed a bunch of issues with permissions in the Windows folders. Let's try the below with Junction to see if we can locate issues outside of the Windows folders. Make sure that you follow these steps exactly and redownload Junctions.


    Now we need to scan the system with this special tool.
    • Please download Junction.zip and save it to your Desktop this time.
    • Unzip it and save junction.exe to your Desktop
    • Now click Start => Run... => Copy and paste the following command in the run box and click OK:
    cmd /c "C:\Documents and Settings\JEFF\Desktop\junction.exe" -s c:\ >C:\log.txt

    • A command prompt window opens and also a license agreement from SysInternals will appear.
    • Accept the license agreement and the scan will begin.
    • Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes).
    • NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.
    Now do the below no matter what happens with the above!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • the log from Junction if it ran.
    • C:\MGlogs.zip
     
  28. PoolBoy

    PoolBoy Private E-2

    Junction result same as before, the DOS window briefly flashes.

    New MGLogs.
     

    Attached Files:

  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's try it in another folder where we can fix permissions. First run C:\win32kdiag.exe -f -r
    like you did back in msg # 25.

    Now let's try the below with Junction in the Windows folder to see if it will run.



    Now we need to scan the system with this special tool.
    • Please download Junction.zip and save it to your C:\Windows this time.
    • Unzip it and save junction.exe to your C:\Windows
    • Now click Start => Run and enter cmd into the box and click OK. This will open a command prompt window.
    • Now Copy and paste the following command into the run box and click OK. I say copy and paste because you must get the space correct.
    C:\Windows\junction -s c:\ >C:\log.txt

    • A license agreement from SysInternals should appear if junction runs.
    • Accept the license agreement and the scan will begin.
    • Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes).
    • NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.
    Now do the below no matter what happens with the above!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the log from Junction if it ran
    • C:\MGlogs.zip
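
What the `junction -s c:\` scan requested in this thread looks for, as an added example that is not part of the original posts and is not Sysinternals' code: a Python walk that lists reparse points (junctions and symbolic links) under a folder, plus any folders it could not list. The function names and the constructed sample tree are assumptions of this example.

```python
import os
import stat
import sys
import tempfile

# NTFS marks junctions, symbolic links and mount points with this attribute bit.
REPARSE_FLAG = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


def is_reparse_point(path):
    """True if path itself (not what it points to) is a reparse point or symlink."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    attrs = getattr(st, "st_file_attributes", None)  # only present on Windows
    if attrs is not None:
        return bool(attrs & REPARSE_FLAG)
    return stat.S_ISLNK(st.st_mode)  # non-Windows stand-in: symbolic links


def scan(root):
    """Walk root without following links.

    Returns (found, denied): found is a sorted list of (path, target) pairs,
    denied is a sorted list of directories that could not be listed.
    """
    found, denied = [], []

    def on_error(err):
        # Unlistable folders matter on a machine with damaged permissions.
        denied.append(str(err.filename))

    for dirpath, dirnames, filenames in os.walk(root, onerror=on_error):
        for name in list(dirnames) + filenames:
            full = os.path.join(dirpath, name)
            if not is_reparse_point(full):
                continue
            try:
                target = os.readlink(full)
            except OSError:
                target = "<target not readable>"
            found.append((full, target))
            if name in dirnames:
                dirnames.remove(name)  # never descend through a redirect
    return sorted(found), sorted(denied)


def build_sample_tree(base):
    """Constructed sample: one real folder and file, plus a link to each.

    Creating links on Windows may require elevated rights.
    """
    real_dir = os.path.join(base, "real_dir")
    os.mkdir(real_dir)
    real_file = os.path.join(real_dir, "report.txt")
    with open(real_file, "w") as fh:
        fh.write("constructed sample file\n")
    os.symlink(real_dir, os.path.join(base, "link_to_dir"),
               target_is_directory=True)
    os.symlink(real_file, os.path.join(base, "link_to_file"))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found, denied = scan(sys.argv[1])      # scan the folder given
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)             # scan the constructed sample
            found, denied = scan(tmp)
    for path, target in found:
        print(f"{path} -> {target}")
    for path in denied:
        print(f"could not list: {path}")
```
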
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmmmm!!! I just looked at your last MGlogs.zip file and I see why Junction is not running. You did not put the Junction.exe file on your Desktop. You have the Junction.zip file on your Desktop but you extracted Junction.exe into a folder named Junction on your Desktop which is why the command will not work and also it is why my last message will fail if you attempt to follow those instructions. You are not doing what I asked you to do. You need to put the Junction.exe file where requested.
     
    Last edited: Sep 25, 2009
  31. PoolBoy

    PoolBoy Private E-2

    First I ran C:\win32kdiag.exe -f -r

    Ok I believe Junction is saved in the right place now (when unzipped it automatically creates the \Junction folder).

    Same result, DOS windows flashes


    Then I put Junction in the C:\Windows folder. This time the license agreement window also opened up. I clicked on agree and both windows closed.
     

    Attached Files:

  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Probably because you are using the lousy built in ZIP function of Windows. It was not in a folder to begin with so it should not be put in a folder when extracted. You may want to check your Windows Options. I never used the Windows ZIP function since the day I installed XP. I always use WinZip which is 1000x better.

    You mean the original command prompt window closed too?
     
  33. PoolBoy

    PoolBoy Private E-2

    Yes, the command prompt window closed as well after agreeing to license.
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now that Junction.exe is in the Windows folder, run the C:\win32kdiag.exe -f -r
    command one more time and attach this log so we can see if it detects any permissions issues with Junction.
     
  35. PoolBoy

    PoolBoy Private E-2

    Ran as requested

    I can not attach the log file it says already attached
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Need the log. ;)
     
  37. PoolBoy

    PoolBoy Private E-2

    Had to put it into a zip file
     

    Attached Files:

  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download and save Inherit to your Windows folder.

    Then from your Windows Explorer window, drag junction.exe on top of inherit.exe.

    Now also drag C:\MGtools\analyse.exe on top of inherit.exe

    Did you get an OK for each file?

    Now see if the junction will run.

    Also run C:\MGtools\GetLogs.bat and then attach the new C:\MGlogs.zip file after it finishes.
     
  39. PoolBoy

    PoolBoy Private E-2

    I had to also put Inherit into c:\MGTools in order to drag analyse.exe onto Inherit.exe

    Both responded with OK

    Junction still just flashes the command window
     

    Attached Files:

  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay I'm not sure why Junction will not run but Inherit did fix analyse.exe which now ran and produced a log in the MGlogs.zip file.

    What problems do you still see? Can you run SUPERAntiSpyware now? If not, put inherit.exe into the C:\Program Files\SUPERAntiSpyware folder and then drag the SUPERAntiSpyware.exe file on top of inherit and then see if you can run SUPERAntiSpyware. You can do this for any program that does not appear to run.
     
  41. PoolBoy

    PoolBoy Private E-2

    SAS would not run getting the same error message ever since the attack over a month ago. "Windows can not access the specified device, path, or file. You may not have the appropriate permissions to run the item."

    Copied Inherit.exe into the SAS folder and dragged SAS.exe and now SAS is running and doing a scan. 205 items found so far (203 adware and 2 Rouge.WindowsPolicePro)

    It looks like I will have to do this with ComboFix, RootRepeal, etc.

    About 30% of my desk top icons are wrong or different. Several are generic Microsoft; Norton, SAS, Desktop Manager (BlackBerry), Quick Time, HP, Virtual Earth.

    All icons now have their text in a blue rectangle window versus being over the desk top photo.

    All Adobe Acrobat icons are now a small logo on a white back ground when before they were just a large logo.

    All Microsoft Office programs are missing from any menu including those that were anchored in my windows start menu (MS Office Pro 2003).

    Microsoft Word always has the following error now upon opening and closing; MICROSOFT VISUAL BASIC-The macros in this project are disabled. See on line help ......

    I tried to Detect and Repair MS Word, including restore start menu items. It asked for the install disk saying it needed a file. I put the install disk in and then it says it can not find MAINSP3.MSP which is the service pack 3 file I believe. When I go to Microsoft and try to download/install MAINSP3.MSP it says it is already installed. So I have no way to fix or repair Office.


    I am thinking that after this Malware attack that I most likely need to re-install the operating system and all of my software. Or better yet get a new computer with Windows 7 next month.
     
  42. PoolBoy

    PoolBoy Private E-2

  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would like to see all of these logs.

    I'm still wondering why you cannot run junction.exe.

    Please download the current version of MGtools and this time save it to your C:\Windows folder (yes this is not normally where we want it but this is a test). Then locate the C:\Windows\MGtools.exe file and double click on it to run it. When it finishes, attach the new C:\MGlogs.zip file.

    Do the Desktop shortcuts work? i.e., are they associated with the correct programs. Blue shading on Desktop icons while not normal, is typically a settings issue. First thing I would try is right clicking on the Desktop and select Arrange Icons By, then make sure to uncheck Lock Web Items on Desktop.

    This may be a faster solution since you may have too much damage to reliably recover from and you may have many outstanding permissions issues which is why various programs are having problems running or running properly.

    By the way Windows Installer issues related to MS Office have long been problematic. Sometimes it is triggered by malware attacks but many times it is not due to malware. This would be something better worked in the Software Forum but did you try dragging outlook onto inherit?

    That's up to you. ;)
     
