vundo.t have i cleaned?

First thing you need to do is re-run MalwareBytes and have it remove/fix everything that it finds.....then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from MWB's.

 

Let me know if you have any problems doing that.

 

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.

Be sure to tell us how things are running.

 

Well....the registry patch worked but the HJT fix did not. Please make sure you have disabled ALL anti-virus and spyware programs and do the HJT fix again. Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip.

 

I'd hand you a tissue, but there is nothing to cry about ...your logs are clean.

Tell me what you are crying about....

 

Hehe .....If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)

* Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
* "%userprofile%\Desktop\combo-fix" /u
o Notes: The space between the cf" and the /u, it must be there.
o This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
* Delete the C:\cf folder from combofix.

4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
8. Go to add/remove programs and uninstall HijackThis.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Vista, Windows XP or Windows ME, do the below:

* Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

Well......not to many men call me honey....:-D

Take your time....I'll be here if you have further questions.

 

You are very welcome.....and consider this not a parting, just a brief interlude in our virtual tryst.

 

Are you trying to do an online scan? You can use Internet Explorer to run Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

Click-on the Detected Problems tab. Then select Click here to export the scan report

When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

Do you still have any of the tools we had you download before? I would need to at least see the MGLogs.zip.

 

Have you re-downloaded MGTools? That should run and produce a log....

 

You are running multiple Anti-virus programs and firewalls.

You need to do a search for any of the following:
Avg8 -> av program
ESET Smart Security - Has a firewall and AV
Online Armor 2.1 -> av program
WinClamAVShield - av program
PC Tools -> firewall

Your error code refers to an issue with the firewall program.

There is a MS fix for this, but I would wait until you have removed all of the firewall components and redundant av programs...then if you still have the error code we can try this ....http://support.microsoft.com/?kbid=916595

 

Some are still in your run keys....and multiple programs will make conflicts that can cause all kinds of problems.....have you tried using CCleaner to uninstall and then do the cleaning?

You should work thru the below link:
How to Protect yourself from malware!

When/if you think you have cleaned it up...run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip.

(You just wanted me to look at your system again, eh?)

 

What I mean to say is that you have leftover traces of those programs that were once installed. But it looked like you had two firewalls running. I wasn't seeing much else, but you should get me the logs from:
Superantispyware
MalwareBytes
and a new MGLogs.zip

 

If I am reading this right...you have removed all your firewall programs.

A few things to remove:
C:\WINDOWS\unins000.dat
C:\WINDOWS\unins000.exe
C:\Documents and Settings\All Users\Application Data\Avg8

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download a new firewall ( Did you have issues with PCTools firewall? ..it has a very easy interface).

Tell me what problems you are having.

 

Yes, you can remove the items in the application data files....some may not but that is ok.

What do you mean you are infected again? Your last logs that you attached looked clean.

I prefer PCTools firewall which you can download HERE

I am not familiar with either of the programs you mentioned.....I don't see the need for any registry programs. Running the "issues" section of CCleaner is about all you need ( and of course making the backup when prompted).

 

Yes, you are severely infected again......so I will repeat what I said in post #3:

 

Please don't make me come over there and ........nevermind.

You need to stop downloading warez programs!

Use windows explorer to find and delete:
C:\Program Files\315265.exe
C:\Program Files\(99Ways)Kaspersky 8.0.torrent
C:\Program Files\(99Ways)Kaspersky 8.0 [mininova].torrent
C:\Program Files\"++Demonoid.com++-Kaspersky_Internet_Security_8_0_0_357_2538917.0674 [mininova].torrent"
C:\WINDOWS\SYSTEM32\eysmgcqh.tmp

Now download and install a real anti-virus program from HERE

What problems are you now having?

Did you run MWB's and SAS on the "kids" user account?

 

Your logs are clean....the only thing that MWB's found was two files in your system restore files....you need to toggle system restore to remove them.

We can do a few things:

Please use add/remove programs to uninstall:
Java(TM) 6 Update 10"
Java(TM) 6 Update 4"
Java(TM) 6 Update 7

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Delete this:
C:\Temp

Reboot and install:
Java Runtime 6

Tell me what malware issues you still have.

 

Those are where the error messages are stored.

You need to right click My computer / advanced / startup and recovery / settings .... uncheck the box for automatic restart ....this will then give you a BSOD when it crashes. We will need the exact error message from that.

 

What exactly is it reporting? What sites?

 

I am assuming that you are referring to your firewall report....this is an issue you need to address in the software forum .....you can block the ones that you don't recognize. If things don't run correctly, unblock them.