Second Slow Desktop...

Discussion in 'Malware Help (A Specialist Will Reply)' started by Merkava, Dec 7, 2010.

  1. Merkava

    Merkava Private First Class

    Second machine wasn't so smooth going.

    SAS and Mbam went fine. Combofix, however, hung in Normal and Safe mode. It never got past the initial message about taking "10 minutes or double", so there are no logs. I ran RootRepeal w/ no problem, even though it seems from other threads I've read that this is usually skipped when there's a problem with Combofix. MGTools also hung in Normal and Safe mode at the "processdll.exe" stage. It still managed to produce logs, so they will be posted.

    I'm pretty sure I went by the book on both these comps, but please let me know what I've missed, if anything.

    Thank you guys for all your help, hard work and dedication. I hope I've made your charitable efforts as easy as possible for my part.:)
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What malware issues are you having with this machine? I am not seeing any malware, but I would like you to boot into normal mode and re-run the H:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * H:\MGlogs.zip
     
  3. Merkava

    Merkava Private First Class

MGTools is still hanging on the "Running processdll.exe to find loaded DLLs" stage on this machine. It's been there an hour at least... not sure what to do about it at this point.
     
  4. Merkava

    Merkava Private First Class

    I've halted my efforts for the time being, and/or until I get more instructions. I have found two entries in the startup list that are kind of strange though:

    The "Startup Item" and "Command" descriptions have a bunch of Asian language alphabetical characters that I cannot read for the life of me and the "Location" descriptions are as follows:

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:Run
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:Load
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure that Comodo was all shutdown before running MGtools in normal mode; however, you can just abort the procdll.exe scan if it hangs on you. But please do attach the MGlogs.zip file from Normal Boot mode for TimW.

    What startup list?

The runkeys.txt log you attached (as part of MGlogs.zip) shows the above two keys, and it shows them as not having any value, which is normal. They show as below:
    Code:
    HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
       load REG_SZ          
    
    HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
       run REG_SZ          

    In the future, you need to properly follow instructions for running the tools we request. The below are not the locations that MGtools and Combofix should be saved or run from.

    H:\Fix It All\IKnowYouKnowMGT.exe

    O23 - Service: PEVSystemStart - Unknown owner - H:\YouKnowWhatElseCF\PEV.cfxxe (file missing)
     
    Last edited: Dec 8, 2010
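As an added example (not part of the thread, and not code from MGtools or MajorGeeks), the following Python parses runkeys.txt-style output in the layout quoted above and flags the case chaslang describes as abnormal: a `load` or `run` value under `...\Windows NT\CurrentVersion\Windows` that actually has data. The sample text, the third (non-empty) entry, the file path in it, and the exact whitespace layout are all constructed for the example.

```python
import re

# Constructed sample in the layout runkeys.txt uses in the thread: an unindented
# key line, then indented "<name> <type> <data>" lines. The first two entries
# mirror the empty (normal) values quoted in the thread; the third is a
# constructed non-empty value so the check has something to flag.
SAMPLE_RUNKEYS = """\
HKEY_CURRENT_USER\\software\\microsoft\\windows nt\\currentversion\\windows
   load REG_SZ          

HKEY_CURRENT_USER\\software\\microsoft\\windows nt\\currentversion\\windows
   run REG_SZ          

HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows
   load REG_SZ          C:\\Users\\Public\\example_payload.exe
"""

# Key suffix shared by the HKCU and HKLM variants of the legacy Load/Run values.
WINDOWS_KEY_SUFFIX = r"\software\microsoft\windows nt\currentversion\windows"

# Indented value line: name, REG_* type, then optional data (may be empty).
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*?)\s*$")


def parse_runkeys(text):
    """Return a list of (key, value_name, value_type, data) tuples.

    Unindented lines start a new key; indented lines are values under it.
    Trailing whitespace on a value line yields empty data, not garbage.
    """
    entries = []
    current_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current_key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name, vtype, data = m.groups()
            entries.append((current_key, name, vtype, data))
    return entries


def suspicious_load_run(entries):
    """Flag load/run values under the Windows key that carry any data.

    An empty value is the normal state (as chaslang notes in the thread);
    a populated one is worth inspecting, since programs listed there are
    started at logon without appearing in the usual Run keys.
    """
    findings = []
    for key, name, vtype, data in entries:
        if (key.lower().endswith(WINDOWS_KEY_SUFFIX)
                and name.lower() in ("load", "run")
                and data):
            findings.append((key, name, data))
    return findings


if __name__ == "__main__":
    for key, name, data in suspicious_load_run(parse_runkeys(SAMPLE_RUNKEYS)):
        print(f"non-empty {name} under {key}: {data}")
```

Run it against a real runkeys.txt by reading the file into `parse_runkeys`; anything it prints deserves a look, while a silent run means the two keys are in the empty state the thread calls normal.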
  6. Merkava

    Merkava Private First Class

    Is it the "process" that should be terminated in Task Manager in order to shut Comodo down entirely? I did this even after re-saving CF and MGT to the proper locations.

    Is aborting the procdll.exe a matter of skipping that particular step of the scan, or ending the whole thing completely and prematurely?

    I guess you mean upload the logs even if the scan doesn't complete entirely.

    The startup list in msconfig.

    TimW pointed that out to me. I righted it, but was still having issues with them hanging even after doing so...
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

No! You need to use the interface in the program to stop active protection. Trying to kill a process in Task Manager will not work because services are running which will just restart it.

When it gets to this point of the scan, just hit CTRL-C and see if it will abort. If not, open Task Manager and see if you can kill procdll.exe.

    Yes.

Okay, but those keys look normal as noted in my last message. (I had a cut and paste error which I just fixed in my last message; see where I was referring to runkeys.txt and those two registry keys.)
     
  8. Merkava

    Merkava Private First Class

    Okay, MGT "getlogs" still hung at procdll.exe. Closing and process termination didn't work, so I had to hard shut down. The logs are attached.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below are way out of date and should be replaced by current versions (note: you do already have the current Sun Java so the old one just needs to be uninstalled):
    Java(TM) 6 Update 2
    Mozilla Firefox (3.5.2)
    SpywareBlaster 4.2

    Now run MSconfig and put your PC into normal startup mode as requested in step 4 of the READ & RUN ME.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\MGlogs.zip
    Are you having any malware problems now? If yes, tell me exactly what.
     
  10. Merkava

    Merkava Private First Class

    Well, unless I'm still missing some crucial step, MGT is still inexplicably hanging. Here are the logs.

    Just to clarify, both the machines I've been seeking help with are networked and had very sluggish internet function when I started the thread. I didn't know for sure of any specific malware, only the suspicious lagging. They are pretty much tip-top now, just want the expert "ok".;)
     
  11. Merkava

    Merkava Private First Class

    According to Comodo, I do apparently have something called "mbr.exe" in my WINDOWS folder, though...
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Likely just a problem with Windows itself.

    You did not attach the log.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope! This is a false detection. mbr.exe is part of GMER's tools used to look for rootkits and MBR infections. It is used by ComboFix and many other tools.
     
  14. Merkava

    Merkava Private First Class

    Wow. Crucial step, that.:confused
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Your logs are clean, but you have two different DNS servers assigned.


    O17 - HKLM\System\CCS\Services\Tcpip\..\{887207A4-7E05-4025-8742-EC9B659273F6}: NameServer = 205.152.150.23,205.152.132.23
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C944C918-F0A7-4374-AE09-555CBC5079AC}: NameServer = 156.154.70.22,156.154.71.22

The first ones (205.152.x.x) are from Bell South.
The 2nd ones (156.154.x.x) are from NEUSTAR.

    Which are you supposed to be using? I'm guessing Bell South based on your connection here.
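As an added example (not part of the thread, and not HijackThis or MGtools code), the following Python parses HijackThis O17 NameServer lines, groups the resolvers per adapter GUID, and reports whether every adapter uses resolvers from the same provider. The two log lines are the ones quoted above; the mapping of 205.152.0.0/16 to Bell South and 156.154.0.0/16 to Neustar follows chaslang's attribution in the thread, and treating each as a /16 block is an assumption made for the example. Anything that matches no known block is reported as unknown, which is the case a defender would want to see when checking for tampered resolver settings.

```python
import re
from ipaddress import ip_address, ip_network

# The two O17 lines quoted in the thread, plus one unrelated line to show
# that non-O17 entries are skipped (a constructed sample list).
SAMPLE_O17 = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{887207A4-7E05-4025-8742-EC9B659273F6}: NameServer = 205.152.150.23,205.152.132.23",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{C944C918-F0A7-4374-AE09-555CBC5079AC}: NameServer = 156.154.70.22,156.154.71.22",
    r"O4 - HKLM\..\Run: [example] C:\example\constructed.exe",
]

# Provider attribution from the thread; the /16 granularity is an assumption
# for this example, not a statement about either provider's real allocation.
KNOWN_RESOLVER_BLOCKS = {
    ip_network("205.152.0.0/16"): "BellSouth",
    ip_network("156.154.0.0/16"): "Neustar",
}

# O17 line: adapter GUID in braces, then a comma-separated NameServer list.
O17_RE = re.compile(r"^O17 - .*\\\{([0-9A-Fa-f-]+)\}: NameServer = (.+)$")


def parse_o17(lines):
    """Return {adapter_guid: [IPv4Address, ...]} from O17 NameServer lines."""
    adapters = {}
    for line in lines:
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid, servers = m.groups()
        adapters[guid] = [ip_address(s.strip()) for s in servers.split(",") if s.strip()]
    return adapters


def provider_for(ip, blocks=KNOWN_RESOLVER_BLOCKS):
    """Name the provider whose block contains ip, or 'unknown'."""
    for net, name in blocks.items():
        if ip in net:
            return name
    return "unknown"


def dns_report(lines, blocks=KNOWN_RESOLVER_BLOCKS):
    """Summarise resolver providers per adapter and whether they all agree.

    'consistent' is True when every adapter resolves through the same set of
    providers; 'unknown' lists adapters with at least one unrecognised resolver.
    """
    adapters = parse_o17(lines)
    per_adapter = {
        guid: sorted({provider_for(ip, blocks) for ip in ips})
        for guid, ips in adapters.items()
    }
    distinct = {tuple(p) for p in per_adapter.values()}
    unknown = [guid for guid, p in per_adapter.items() if "unknown" in p]
    return {
        "adapters": per_adapter,
        "consistent": len(distinct) <= 1,
        "unknown": unknown,
    }


if __name__ == "__main__":
    report = dns_report(SAMPLE_O17)
    for guid, providers in report["adapters"].items():
        print(f"{guid}: {', '.join(providers)}")
    print("consistent:", report["consistent"], "| unknown:", report["unknown"])
```

On the thread's two lines the report comes back inconsistent (one adapter on BellSouth, one on Neustar), which is exactly the mismatch the reply above asks about; a resolver in neither block shows up under `unknown` for the user to account for.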
     
  16. Merkava

    Merkava Private First Class

  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:



