System Restore not responding

Discussion in 'Malware Help (A Specialist Will Reply)' started by skd44, Oct 18, 2007.

  1. skd44

    skd44 Private First Class

    I have used your site before to solve malware problems and have always had success because of your help. I followed the normal steps when we first have problems. I already installed all the tools in the how to protect against malware section and just finished the Read and Run First section. I also took a look at a few threads that pertained to losing the System Restore capability and nothing worked. I have not run Hijack This or anything because I wanted to ask you guys before doing anything else. My computer is SUPER SLOW, pop ups like crazy, and I have lost the ability to view many images on many web pages. I have only used half of the 60gb capacity my laptop has and I know I must be infected with some malware all the other tools I have installed are not detecting. What can I possibly do next? Thanks so much.
     
  2. abri

    abri MajorGeek

    Hi skd44!

    Please try this first:

    Run this utility:
    If afterwards you can continue with the scans in the READ & RUN ME FIRST, please do so we can look at the logs. Please post the Combofix log to us in any case.

    abri
     
  3. skd44

    skd44 Private First Class

    I have attached the combofix log with this reply. Thanks so much.
     

    Attached Files:

    • log.txt (File size: 7.1 KB)
  4. abri

    abri MajorGeek

    Hi skd44,
    If you have both Symantec and McAfee running, please choose one of them immediately and get rid of the other. To uninstall Symantec, please use the following tool:

    Norton Removal Tool (SymNRT)

    If you would rather uninstall McAfee, please use this:
    McAfee Consumer Product Removal Tool (SymNRT)

    Whichever one you choose to remove, if possible, try to turn it off before you remove it.
    abri
     
  5. skd44

    skd44 Private First Class

    I know I only have McAfee, but the subscription was up a few months back, so I don't think it's currently running, but every time I reboot I have to keep closing out of McAfee windows saying I don't want to renew and this and that.
     
  6. skd44

    skd44 Private First Class

    OK, I removed McAfee completely from my computer. What should I do next? Do I need to run any other scans? I ran all the Read and Run first stuff before asking for help, but do I need to rerun any of that or anything new? Thanks.
     
  7. abri

    abri MajorGeek

    Hi skd44!
    If you're having pop-ups like crazy (or were), then your computer is showing symptoms of malware and it would be a good idea to go through the whole READ & RUN ME FIRST. It looks more daunting than it is. I think what you'll find is that your system restore isn't working because your restore points are infected. BitDefender will usually pick these up. It doesn't make any sense nor is it a good idea to simply flush them until AFTER we've established that your computer is completely clean because they will just get infected again. We do that at the end. The time spent on the READ ME is time well-spent and the logs you provide allow us to give you the best advice.
    abri
     
  8. skd44

    skd44 Private First Class

    OK Abri, I will do the Read and Run First again, and don't worry, I am used to it. As I said, I have used this site many times in the past when I was infected with such malicious malwares like about:blank, HSA, and SpyAxe, so I am used to running through the Read and Run first, although it is constantly updated and added to, which is great. I will let you know once I have finished this and see where I need to go from there. Thanks again.
     
  9. skd44

    skd44 Private First Class

    OK, I finished with the updated Read and Run First, here are all the logs I saved.
     

    Attached Files:

  10. skd44

    skd44 Private First Class

    More logs
     

    Attached Files:

  11. abri

    abri MajorGeek

    Hi skd44!
    Please rename hijackthis.exe to analyse.exe
    We ask you to do this, because there's a certain virus which has learned to evade detection when hijackthis is run under its normal name. After you rename it to analyse.exe, please post a new log.
    Did Combofix help with the popups at all? If not, please describe the symptoms in a bit more detail, like what names the pop-ups have.
    Please go to add/remove programs and uninstall the following:
    REBOOT your computer NOW!

    Now, please install Java Runtime Environment vs. 6.3

    Thanks!
    abri
     
  12. skd44

    skd44 Private First Class

    The popups have stopped, so I thank you for that. Here is the new log for hijack this, renamed analyse.exe. However, I do see that the log is still called hijackthis.log even after I changed hijackthis.exe to analyse.exe before I ran the scan. Is there a reason the change did not take place and the name change did not work? Thanks.
     

    Attached Files:

  13. skd44

    skd44 Private First Class

    Also, I removed all the Java Runtime environments and the viewpoint manager, but will this have any effect on my Windows Media Player or anything else?
     
  14. abri

    abri MajorGeek

    Hi skd!

    No. It won't affect Windows Media Player.


    Teatimer prevents some of our tools from working, so please close it down as follows.

    Code:
    Disable Spybot's TeaTimer. This is a two step process.
    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.

    Now follow the instructions below:

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Scan with HijackThis and check the boxes for the following entries: (if any are missing, just go on)
    ( Make sure ALL browser windows are closed when you click FIX )

    3) After you have completed ALL of the above in the correct order, please attach the following logs.
    • ShowNew Log
    • GetRunKey Log
    • HijackThis Log


    abri
     
  15. skd44

    skd44 Private First Class

    Thanks so much. Here are the additional logs you requested.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The above are part of a valid program that skd44 may or may not still use. See ReturnReceipt

    Also known as ReadNotify. See http://www.readnotify.com/
     
    Last edited: Nov 1, 2007
