Ran Disable UAC.reg on XP SP2 - Big Mistake

Discussion in 'Malware Help (A Specialist Will Reply)' started by RightStart, Dec 6, 2008.

  1. RightStart

    RightStart Private E-2

    OK. I'm about 20 hours into this nightmare. I was originally trying to get rid of VirusTools 2009. Ended up at majorgeeks.com (great site btw). I was running XP SP3 and mistakenly followed the instructions for Vista and ran DisableUAC.reg on XP.

    Long story short, internet access is fine in safe mode, but nothing in normal mode. I've carefully checked the differences in all services running in Safe Mode against those running in Normal mode. BTW, I've uninstalled SP3 but no help.

    The only significant difference I saw was IPSEC is "Disabled" in Safe but "Running" in normal.

    I've tried every tip I could Google. I'm thinking just re-install XP SP2.

    Any other suggestions? Literally all I did was run DisableUAC.reg and things went bad FAST.

    Desperate. Any help appreciated.

    RightStart
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Could try, in safe mode, deleting from the registry at this location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System this key "EnableLUA"=dword:00000000, which is the only thing the disable UAC reg patch adds.

    Then continue with the Read Me removals guide and attach the logs gained, so that our malware experts can review them and issue you some further removal instructions, as it could be the malware that's affecting your internet in normal mode more and more.
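    To make the registry change DavidGP describes concrete, here is an added example (it is not from this thread and not MajorGeeks' own DisableUAC.reg or enableUAC.reg). It is a .reg file that removes the single value the disable-UAC patch writes, using the `"name"=-` syntax that regedit interprets as "delete this value" rather than "set it":

```reg
Windows Registry Editor Version 5.00

; Added example, not the thread's own file.
; The disable-UAC patch described in the thread writes one value under this key:
;   "EnableLUA"=dword:00000000
; The "=-" form below tells regedit to delete the EnableLUA value, so the key
; is left as it was before the patch ran. Import it by double-clicking, or
; silently with:  regedit /s undo-disableuac.reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=-
```

    After importing, `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA` from a command prompt should report that the value cannot be found, which confirms the removal took effect. Note that XP has no UAC, so on XP this value is ignored by the operating system and removing it is housekeeping; on Vista, where EnableLUA is meaningful, deleting the value restores the default of UAC being enabled.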
     
  3. RightStart

    RightStart Private E-2

    OK. Attached are all the log files requested, run in "Safe Mode" (the only mode where I DO have an internet connection). I'm generating the "Normal Mode" log files right now. Aside from the upcoming "normal mode" log files, is there any other information you need? Your help is much appreciated.

    Thank you.

    RightStart
     

  4. RightStart

    RightStart Private E-2

    Here's the fourth one.

    RightStart
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the log from MGtools that was requested. That is the C:\MGlogs.zip file.

    Also you need to attach the requested log from SUPERAntiSpyware.

    Did you or your friend purchase SpyHunter Security Suite? If it is a demo, uninstall it now.


    Are the below all files you or your friend created? If not, then delete them.
    Code:
    2008-12-06 00:57 . 2008-12-06 00:57 51,349 --a------ C:\regsrv10.jpg
    2008-12-06 00:56 . 2008-12-06 00:56 49,906 --a------ C:\regsrv8.jpg
    2008-12-06 00:56 . 2008-12-06 00:56 42,036 --a------ C:\regsrv9.jpg
    2008-12-06 00:55 . 2008-12-06 00:55 59,577 --a------ C:\regsrv7.jpg
    2008-12-06 00:55 . 2008-12-06 00:55 47,533 --a------ C:\regsrv6.jpg
    2008-12-06 00:54 . 2008-12-06 00:54 47,645 --a------ C:\regsrv5.jpg
    2008-12-06 00:54 . 2008-12-06 00:54 39,346 --a------ C:\regsrv4.jpg
    2008-12-06 00:53 . 2008-12-06 00:53 53,500 --a------ C:\regsrv3.jpg
    2008-12-06 00:52 . 2008-12-06 00:52 41,873 --a------ C:\regsrv2.jpg
    2008-12-06 00:51 . 2008-12-06 00:51 47,645 --a------ C:\regsrv1.jpg
    2008-12-06 00:44 . 2008-12-06 00:44 52,122 --a------ C:\syscfgsafe3.jpg
    2008-12-06 00:44 . 2008-12-06 00:44 24,349 --a------ C:\syscfgsafe4.jpg
    2008-12-06 00:43 . 2008-12-06 00:43 54,909 --a------ C:\syscfgsafe1.jpg
    2008-12-06 00:43 . 2008-12-06 00:43 51,031 --a------ C:\syscfgsafe2.jpg
    2008-12-06 00:41 . 2008-12-06 00:41 10,202 --a------ C:\brdcom2.jpg
    2008-12-06 00:40 . 2008-12-06 00:40 11,750 --a------ C:\brdcom1.jpg
    2008-12-06 00:35 . 2008-12-06 00:35 73,786 --a------ C:\safesrv6.jpg
    2008-12-06 00:35 . 2008-12-06 00:35 22,416 --a------ C:\safesrv7.jpg
    2008-12-06 00:34 . 2008-12-06 00:34 71,024 --a------ C:\safesrv4.jpg
    2008-12-06 00:34 . 2008-12-06 00:34 69,626 --a------ C:\safesrv5.jpg
    2008-12-06 00:33 . 2008-12-06 00:33 65,273 --a------ C:\safesrv3.jpg
    2008-12-06 00:32 . 2008-12-06 00:32 67,779 --a------ C:\safesrv2.jpg
    2008-12-06 00:31 . 2008-12-06 00:31 58,245 --a------ C:\safesrv1.jpg
    2008-12-05 23:51 . 2008-12-05 23:51 151,427 --a------ C:\servreg4.jpg
    2008-12-05 23:50 . 2008-12-05 23:50 152,246 --a------ C:\servreg3.jpg
    2008-12-05 23:50 . 2008-12-05 23:50 147,062 --a------ C:\servreg2.jpg
    2008-12-05 23:49 . 2008-12-05 23:49 145,658 --a------ C:\servreg1.jpg
     
    Last edited: Dec 12, 2008
  6. RightStart

    RightStart Private E-2

    OK. Spyhunter was a demo and has been removed. The jpg's listed were created by me so I could compare the various services running between Safe and Normal modes. The MGTools zip is attached. Running SuperantiSpyware. Where does its log file get written? Thanks.

    Craig
     

  7. RightStart

    RightStart Private E-2

    Attached is the superantispyware log file. Running all programs again in normal mode.

    Craig
     

  8. RightStart

    RightStart Private E-2

    All attached reports run in "Normal" mode.

    Craig
     

  9. RightStart

    RightStart Private E-2

    Here is the log from Superantispyware in Normal mode.

    Thanks

    RightStart
     

  10. RightStart

    RightStart Private E-2

    Any News on my internet connectivity problem? Do you need any further info from me?

    Still connects fine in "Safe" mode but no connection in "Normal" mode.

    Your efforts are greatly appreciated!!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The more you keep posting, the longer it takes to get an answer. You need to post one and only one set of logs as requested and then wait for an answer. Have you read this sticky thread? >>> Don't Bump! It Only Hurts You!!!

    Constant posting causes bumping and loss of queue position, which can cause many days of extra waiting time when you keep posting.

    Your connection issues could well be due to problems with Norton 360. You should try uninstalling it and then running the below cleanup tool since Symantec products rarely uninstall properly.

    Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)

    Then check to see if you can connect to the internet.

    You are not using the current updates for your SUPERAntiSpyware and Malwarebytes scans. You really need to update. Also you have Spybot's Teatimer running which we requested that you not run. You need to disable Teatimer now. See this: How to disable Spybot's TeaTimer


    Also uninstall the below old Sun Java versions per step 1 of the READ & RUN ME:
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7


    Then, after a reboot, install the current version of Sun Java from: Sun Java Runtime Environment

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - (no file)
    O3 - Toolbar: (no name) - {8CEB3591-5DDC-47ec-AF97-66699BC85FE0} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.


    Also this PC is not in Normal Startup mode as requested in step 1 of the READ & RUN ME. You need to run MSconfig and select Normal Startup and then do the below to get a new MGlogs.zip file to attach.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).




    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 19, 2008
  12. RightStart

    RightStart Private E-2

    I solved the problem. Thank you for your efforts.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     