Spyware problem, please assist

Welcome to Majorgeeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

You MGlogs.zip files shows that you were in safe boot mode when you ran MGtools.exe. The READ ME did not say you should be in safe mode. Unless we specify safe boot mode, always run things from Normal Boot mode.

Also you did not put ComboFix.exe on your Desktop as is required. You need to have it on your Desktop or steps we have to do later will not work.


Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Also you did not put your system into Normal Startup Mode (don't confuse this with normal boot mode). You are using MSconfig to control startups. See the first step in the READ ME and put your PC into Normal Startup Mode now. If your Windows OS issues (mentioned below) don't allow you to run MSconfig, please tell me.

That being said you have major issues with your Windows OS which go outside the realm of the Malware Removal Forum. If you look at your HijackThis log you will see many of your required Windows Services cannot run because the files are either missing of because the service is dependent upon another service that cannot run. Someone or somethings as trashed you OS pretty badly. Who has been experimenting with your PC?????? I would suspect that someone who does not have much experience with Windows may have stopped these services or deleted some important files. One major one that can cause all kinds of issues if stopped is Remote Procedure Call (RPC)

You should try running sfc /scannow from the Start, Run box to see if it can help fix any of your OS problems. It will probably ask for your Windows XP SP2 CD so you best have it ready.

I doubt we can fix all of your problems here. I will give you some steps to do to remove your malware but you may have problems running some steps with your Windows OS so badly broken. You will have work your OS issues in the Software Forum.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03
MyWay Search Assistant <-- should have been uninstalled in step 0 of the READ ME
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {FC93F151-B28B-49AD-B1A1-92684A3EE4EB} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll (file missing)

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it
double click it and allow it to merge with the registry.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!