Thought I got it all, but still problems

Welcome to Major Geeks!

Note that I doubt your problems are due to malware. Issues like you are mentioning are more frequently related to what a person is running on their PC and the PC's specs. Note you appear to be running MSconfig to control startups. Did you ignore that part of step 1 in the READ & RUN ME.

I'm looking at your logs now.

 

There are dozens of stuck registry entries due to having used MSconfig at sometime.

Did you add any new hardware into this PC recently? I see multiple video cards sharing interrupts and I/O addresses.

You do not appear to be having malware issues. There are some misc non-malware things we can cleanup but they will not improve your problem. You may get more improvement by dumping Norton Internet Security and also removing all the junk that Roxio has running. Both of these have been known to cause major performance issues.

 

Working on it now.

Look inside of the C:\MGtools folder and view the sysinfo.txt file with notepad and you will see what I'm referring too. The first place you see reference to 2 card is under the [Conflicts/Sharing] heading.

 

Let's fix the misc items I see which should be done anyway.


First answer what the below is and why does it need to load at startup? I assume it is from your ISP but is it needed? It also appears to be new.
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe


Uninstall the below old versions of Sun Java:
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
SUPERAntiSpyware Free Edition <-- We are finished with this now!

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

Optionally, I also suggest you fix the below. Only run them when you need them rather than always running them.
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now reboot your PC
Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


Then attach the below log:

• C:\MGlogs.zip

Any change at all. Don't forget, I did not expect these minor things to change much.

 

Then I would fix it with HijackThis too.

 

Almost everything in your log is old which means the scans did not run. Please delete the current C:\MGlogs.zip file and the run the GetLogs.bat file again. If you get any error messages just click okay and allow the program to finish running. Attach the new log.

 

Well maybe not! Perhaps you did not run the registry patch or did not get a success message. I ask you to tell me if you received a success message.

Also the below is still there. Are you going to fix it?
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe

 

The registry patch did not work properly. Let's try a new one.


Copy the bold text below to notepad. Save it as fixMSC.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Attach another new MGlogs.zip file after running GetLogs.bat again.

By the way is there any change to how your PC is running.

 

Okay it worked properly this time.

I did not think it would impact it as I said earlier.

Yes if you want to? Do you use Roxio for burning CDs/DVD or for anything else? Do you have another program to replace it with?

For NIS removal follow the below steps exactly as written:

• Download but do not install this Avast! Home Edition
• Now download and run this Norton Removal Tool (SymNRT)
• Then reboot your PC
• Now run the Norton Removal Tool one more time and reboot again
• Now install the Avast program you downloaded
• Now run GetLogs.bat again and attach a new MGlogs.zip file so we can check that all of Norton was removed.

This particular error is not a problem as the program is working anyway. It is just one process that the program is having a problem reading information on.

 

If you are sure you don't need Roxio then just uninstall all components of it from Add/Remove programs.

 

The system restore brought everything back to the restore point. If you had uninstall Roxio, it will be back too. Thus if you had uninstall it, you need to uninstall it again.

Start over again with the Norton Removal Tool. This time do not install Avast. Just run a little bit after Norton has been removed to see how things are working and then reboot again just to make sure it work properly. Then also run GetLogs.bat and attach a new MGlogs.zip file. I want to make sure Norton was all removed. Do not stay online too much without protection in place but do not reinstall Avast or any other antivirus yet until I look at your log.

 

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

Note: You may receive an error message about the above being critical services or similar, just ignore and continue.
After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop (yes overwrite the old file). Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now! I know we do not have an antivirus installed yet. I just want to know how things look right at this time.

 

The fix did not work. Try again. Make sure you drag & drop using left click not right click. Also you cannot just run ComboFix by double clicking on it which is what your log show was done. You need to create the CFScript.txt file and drag and drop it.

Attach new logs but only if ComboFix works properly.

 

That is what it is supposed to do. Attach the new ComboFix log and also get a new MGlogs.zip file to attach.

 

Your MGlogs.zip file is incomplete.

• Did you wait for it to finish running?
• Do you still have UAC disabled? (this could cause problems for both ComboFix and MGtools)

 

Okay it ran properly this time.

Since we are having a problem getting ComboFix to run properly, let's try another tool to finish the fixes.



Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

I'm not sure why you are having so many problems with these tools but it may indicate other problems (not malware - as stated in my first message you have not malware issues) within your Windows Operations system.

Let's try to finish this manually.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Roxio Hard Drive Watcher 9
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run C:\MGtools\analyse.exe which is really HijackThis, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteRoxWatch9 into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT and reboot if it tells you it needs to.

Now delete the below files if found:
C:\Windows\System32\drivers\SYMEVENT.CAT
C:\Windows\System32\drivers\SYMEVENT.INF
C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Alison.job

Now delete the below folders if found:
C:\ProgramData\Symantec
C:\Program Files\Alwil Software
C:\Program Files\Common Files\Roxio Shared
C:\Users\Alison\AppData\Local\Temp\_avast4_

After doing the above, you can reinstall your choice of antivirus now.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).





Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome.

I would not worry about it since everything is running good.


If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
4. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combo-fix" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
5. If we had you run Avenger, you can delete all files related to Avenger now.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
8. Go to add/remove programs and uninstall HijackThis.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome.

Try the Game forum.