This is a MESS - Malware, Viruses, etc. HELP!

Discussion in 'Malware Help (A Specialist Will Reply)' started by rsbrowning, Dec 28, 2006.

  1. rsbrowning

    rsbrowning Private E-2

    I have followed all the steps of the read me first (I didn't do the HiJack this).

    This is 1 of 2 for the reports required.
     

    Attached Files:

  2. rsbrowning

    rsbrowning Private E-2

    Here is 2 of 2 with required reports.
     

    Attached Files:

  3. rsbrowning

    rsbrowning Private E-2

    Here is my HJT log....
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run CounterSpy again and this time have it Quarantine or Delete everything it finds instead of ignoring it.

    Then run the below!


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  5. rsbrowning

    rsbrowning Private E-2

    Here is SmitFraudFix log...

    Now going to Step 2.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you re-run CounterSpy too and fix everything?
     
  7. rsbrowning

    rsbrowning Private E-2

    Yes I did...

    Here are new log files - I completed Step 2

    It is taking my system about 3 minutes to launch (hard drive light stays on solid). Could this have something to do with the malware / spyware?

    Also - as you can see, I use AVG - however, Windows doesn't recognize it as an antivirus and gives me an alert every time I reboot - - is there something that can be done about this, or is it just a Windows thing?

    Not wanting to throw more at you - I just don't know if this is part of the problem.

    Thanks for your help.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since you fixed everything with CounterSpy, uninstall it now since it is only a trial. Do this now before continuing.

    You MUST ALWAYS refer to the current online version of the READ ME and make sure that you are getting the tools from it. You are WAYYYY out of date with your versions of ShowNew and GetRunKey. Get the current versions from the links in the READ ME and attach proper logs.

    You need to disable the Windows Security Center from trying to manage your security. Tell it you will manage things. However you need to install a real firewall first. You are using the Windows firewall which is not adequate. Install this ZoneAlarmFree
     
  9. rsbrowning

    rsbrowning Private E-2

    I downloaded Zone Alarm - - -

    Attached are the new ShowKey and GetRunKey logs.

    Also - I am running Peer Guardian - are you familiar with this program - - do you recommend it? It seems to have conflicts with Zone Alarm.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I know of the program! It is a firewall of some sort which is designed for only one purpose: to protect you from getting in trouble for downloading using P2P applications. As far as I know it is not a full blown firewall which will protect you from malware. And you need the latter, which is what ZoneAlarm will do. As far as conflicts with ZoneAlarm, well I'm not familiar with those. You could ask in the Software Forum or you could try another free firewall from the below:

    We have some more work to do!

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    Mozilla Firefox (1.5.0.9)

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of Firefox from: Mozilla Firefox



    Please download and install Registrar Lite. Make sure you select a Majorgeeks download link and not the Author's!

    Run Registrar Lite navigate to each of the following keys (one at a time) and take ownership of them (I explained how to do that further down).

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000

    To take ownership of the key do the following:
    • Copy & Paste the registry key from above into the Address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    • Click-on Security in the top Menu
    • Select Take Ownership
    • Repeat these steps for all of the registry keys given above before continuing to the next steps below.
    • Now leave RegistrarLite running and continue
    • Now run the fixME.reg REGISTRY PATCH below in this message.
    • Tell me the results. Any error messages?
    • Now in RegistrarLite click View and then Refresh
    • Now navigate one at a time to each of the above keys we took ownership of to make sure they were deleted.
    • If any of the keys still exist, move on down to PART 2 - Setting Permissions for Everyone below!.
    Here is the Registry Patch

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    PART 2 - Setting Permissions for Everyone
    Run the below if some of the registry keys still exist after running the above steps.

    Now I want you to use Registrar Lite again to navigate to each of the below keys (one at a time) by pasting them into the Address Bar and hitting return. But this time click the Security menu item and select Edit Permissions so we can change permissions to Everyone (I describe this down below the list of registry keys).
    After clicking Edit Permissions, here is what I expect you to see in the Group or user names area of the form:

    Everyone
    SYSTEM

    Select Everyone by clicking on it. Now at the bottom in the Permissions box click the check box for Full Control. Then click Apply and then OK to get back to the main Registrar Lite screen. Now right click on the registry key and select Delete. Then click View and Refresh. Check to see if the registry key you just deleted was truly deleted. If so, move on to the next one and work through the whole list. If it does not delete, I want you to boot into safe mode and repeat these exact same steps to see if we can do it from safe mode.

    Then reboot your PC!

    Now run GetRunKey again and attach a new log!
     
  11. rsbrowning

    rsbrowning Private E-2

    Everything went well - when I ran the FixMe - all looked good - no errors. I checked, and some of the registry keys still remained - so I went onto the next step "Permission for Everyone"

    Following the steps, I was unable to delete some of the remaining registry keys (am I right to assume that if I put the key in the address bar and it just came up as "Root" that the key was deleted?). I have rebooted in Safe Mode with Networking (for Internet access).

    When I launch Registrar Lite - it appears that it is opening (shows in the task bar at the bottom) but I can't see it on the screen. I have tried closing it and reopening it several times with the same result.

    What do you suggest?
     
  12. rsbrowning

    rsbrowning Private E-2

    Here is a new GetRunKey log - if it helps.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! But be careful. You don't want to make a mistake anywhere and delete the Root key. If you did that you would be reinstalling your OS.

    The below keys still remain
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR

    Which means you need to do part 2 again! ONLY DELETE at the LEGACY_NETWORK_MONITOR level. DO NOT DELETE at the Root key level. Make sure that you get the Permission set to everyone. You can even set the permission at the Root key level to Everyone, but just don't delete the Root key.

    Are you still having this problem?
     
  14. rsbrowning

    rsbrowning Private E-2

    When I try to delete the 3 remaining keys with Registrar Lite - both in Normal boot and SAFE MODE - I get an Access Denied.

    The below keys still remain
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member



    Use Registrar Lite to set permissions to Everyone, but set it at a higher registry key level. Set it at the below levels:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root

    Then try to delete the lower level LEGACY_NETWORK_MONITOR subkeys. If that does not work, move one level higher to the below keys and repeat trying to delete the LEGACY_NETWORK_MONITOR subkeys. Also use the Take Ownership feature (like we did in message # 10) of Registrar Lite if necessary.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum
     
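    The two posts above (messages #10 and #15) work through the same checklist by hand: does each LEGACY_* key still exist, who owns it, and does Everyone have Full Control on it or on a parent key? The following script is an added example, not something from this thread, from MajorGeeks, or from Registrar Lite. It is a read-only audit in Windows PowerShell that walks the key paths quoted in those two messages (the ControlSet001/ControlSet002 numbering is taken from the thread and will differ on other machines) and reports what the manual steps would have checked. It assumes an elevated prompt on the affected machine; the function name Get-KeyReport is mine.

```powershell
# Added example (not from the thread): read-only audit of the LEGACY_* keys
# discussed in messages #10 and #15. Run from an elevated PowerShell prompt.
# ControlSet numbers are the ones quoted in the thread; adjust for your system.
$controlSets = 'CurrentControlSet', 'ControlSet001', 'ControlSet002'
$legacyNames = 'LEGACY_CMDSERVICE', 'LEGACY_NETWORK_MONITOR'

function Get-KeyReport {
    # Returns one record per key: whether it exists, its owner, and whether
    # an Allow rule grants Everyone FullControl (what "Part 2" tries to set).
    param([Parameter(Mandatory)][string]$Path)   # e.g. HKEY_LOCAL_MACHINE\SYSTEM\...
    $psPath = "Registry::$Path"
    if (-not (Test-Path -Path $psPath)) {
        return [pscustomobject]@{ Key = $Path; Exists = $false; Owner = $null; EveryoneFullControl = $null }
    }
    try {
        $acl = Get-Acl -Path $psPath
        $everyone = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq 'Everyone' -and
            $_.AccessControlType -eq 'Allow' -and
            $_.RegistryRights -eq 'FullControl'
        }
        [pscustomobject]@{ Key = $Path; Exists = $true; Owner = $acl.Owner; EveryoneFullControl = [bool]$everyone }
    } catch {
        # Being unable to read the ACL at all is itself worth reporting: the key
        # is locked down harder than the thread's "Access Denied" on delete.
        [pscustomobject]@{ Key = $Path; Exists = $true; Owner = "ACL READ FAILED: $($_.Exception.Message)"; EveryoneFullControl = $null }
    }
}

# Build the full list: the Enum and Root parents from message #15, then each
# LEGACY_* key and its 0000 subkey from message #10.
$paths = foreach ($cs in $controlSets) {
    "HKEY_LOCAL_MACHINE\SYSTEM\$cs\Enum"
    "HKEY_LOCAL_MACHINE\SYSTEM\$cs\Enum\Root"
    foreach ($name in $legacyNames) {
        "HKEY_LOCAL_MACHINE\SYSTEM\$cs\Enum\Root\$name"
        "HKEY_LOCAL_MACHINE\SYSTEM\$cs\Enum\Root\$name\0000"
    }
}

$report = $paths | ForEach-Object { Get-KeyReport -Path $_ }
$report | Format-Table -AutoSize

# Summary line: the keys that still exist are the ones the thread is still chasing.
$remaining = @($report | Where-Object { $_.Exists })
Write-Host "$($remaining.Count) of $($paths.Count) audited keys still exist."
```

    Nothing here deletes or changes anything; it only tells you which of the keys from the list are still present and whether the ownership / Everyone-Full-Control changes actually took, so you can see at a glance where the manual steps stopped short before repeating them at a higher level.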
  16. rsbrowning

    rsbrowning Private E-2

    I can't get this to work - I still get access denied - even on the subkeys.

    It worked on most of them when I did the 1.6.07 post. Why am I having such problems with these few?

    Also - ZoneAlarm keeps locking me out of the internet and I have to reboot. It brings up information screens - but doesn't ask me to accept or decline. Any suggestions?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It could be from the malware or it could be an antivirus, antispyware, or firewall program blocking changes. Boot into safe mode, disconnect (by unplugging the cable) from the internet, shut down ALL unnecessary processes including antivirus, antispyware and ZoneAlarm.

    Then go to a higher level like HKEY_LOCAL_MACHINE\SYSTEM and take ownership and also set permissions to Everyone if necessary. And then try deleting the below individual keys:

    Not sure! You may have a required process blocked. You may need to look at the list of processes and make sure you have not blocked anything needed. Otherwise uninstall, reboot, and reinstall.
     
