I decided to re-attempt removing malware on my friend’s computer after reading “5 hours of complete pain” posted by Big Bear. The symptoms are almost identical. After getting RogueKiller and OTS scans, here they are. Essexboy was helping me before, so it would help if he can continue to do so.
Symptoms are: no Windows Update; Comodo and Avast installed but not loading at bootup; the Windows uninstaller won’t work; regedit won’t work; WinUtilities will only run in 1-click fix (no registry cleaning, but not sure if this is the default); Avast detects no virus; MBAM detects no virus. Finally got CCleaner installed and will attempt a fix later. There is a long list of probs inside the registry. I’ll try to post that next.
The Ccleaner registry scan list is here.
On a review of your OTS log, I see a big problem in that you are using several AV products on the same machine, which will create all kinds of problems. It appears that you are using:
- Avast
- BitDefender IS
- Comodo IS and FW
- PC Doctor (which I believe has an AV in it)
You also have for other security software: MBAM, SB with Teatimer (TT), and WinUtilities amongst others. SB with TT has been known to create problems with Avast in the past, esp. the TT part.
First, you need to uninstall BitDefender, PC Doctor, and Comodo IS (you can leave the FW), using the vendor’s uninstaller tools, then reboot your machine after uninstalling each one separately. See below for uninstaller tools:
- http://uninstallers.blogspot.com/
- http://www.askvg.com/ultimate-collection-of-uninstallers-removal-tools-for-all-popular-anti-virus-software/
Uninstalling SB with TT:
- Uninstall Spybot S&D w/Teatimer: http://www.safer-networking.org/en/howto/uninstall.html.
- How to disable Spybot-S&D (temporarily): http://www.safer-networking.org/en/howto/disable.html. Even though it says temporarily, the resident parts of SpyBot Search & Destroy must be enabled manually if disabled in this manner. TeaTimer doesn’t load into memory at all when disabled.
- SB fails to detect: http://www.brighthub.com/computing/smb-security/articles/65492.aspx and has been replaced with MBAM, which you already have on your machine.
Second, update and run an MBAM scan, quarantine any infection, and post the results here.
If after this time you have problems with Avast, perform an Avast Repair:
- Go to Control Panel > Add/Remove programs > Avast Antivirus.
- Scroll down and choose Repair function in the pop-up window.
- Reboot.
Third, run an updated OTS log and attach the log to your next post along with the MBAM scan. After posting your logs, do not make any changes to your machine. I am going to contact our malware removal expert, Essexboy, for assistance since you also have registry errors.
Let us know in your next post as well how your machine is behaving after doing all of the above. Thank you.
Edit: Essexboy has been notified.
Definitely a security overkill - they probably spend so much time fighting each other that they let malware through. RogueKiller did for the bad ones, on completion of this let me know the list of remaining problems - do not use a registry cleaner or this situation could get worse
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1786016202-4027875324-1303886266-1008\] > -> HKEY_USERS\S-1-5-21-1786016202-4027875324-1303886266-1008\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Malwarebytes Anti-Malware (reboot)" -> ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript]
YN -> "Malwarebytes' Anti-Malware (reboot)" -> ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\TLI285OT\360sd_se[1].exe" -> [C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\TLI285OT\360sd_se[1].exe:*:Enabled:360Installer]
[Files/Folders - Created Within 30 Days]
NY -> PriceGong -> C:\Documents and Settings\Sam\Application Data\PriceGong
[Files/Folders - Modified Within 30 Days]
NY -> rickap14.exe -> C:\Documents and Settings\Sam\Desktop\rickap14.exe
NY -> b40twd06vv -> C:\Documents and Settings\All Users\Application Data\b40twd06vv
[File - Lop Check]
NY -> PriceGong -> C:\Documents and Settings\Sam\Application Data\PriceGong
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
THEN
Windows update repair
Go to this page
Run the fixit there (big button about one third of the way down) - if the normal run does not cure it then re-run and use the aggressive mode
FINALLY
Rerun OTS and paste the following in the custom scan box then press run scan
hklm\software\clients\startmenuinternet|command /rs
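The OTS fix above removes a firewall exception and a Run entry that point at executables sitting in the user's temporary/IE cache folders, which is a common sign of a drive-by installer. The following audit script is an added example, not part of the thread or of OTS; it assumes a Windows machine where the legacy XP-era SharedAccess firewall policy key is present (on newer Windows the key may exist but be unused, in which case only the Run keys are checked), and it flags such entries without changing anything.

```powershell
# Added example (not from the thread): audit the legacy Windows Firewall
# exception list and the Run keys for programs launched from temp / IE cache
# folders, the pattern seen in the OTS log above (360sd_se[1].exe in Content.IE5).
# Read-only: it reports, it does not delete.
$suspiciousDirs = @(
    'Temporary Internet Files',   # XP IE cache, e.g. ...\Content.IE5\...
    '\Local Settings\Temp\',      # XP per-user temp
    '\AppData\Local\Temp\',       # Vista+ per-user temp
    '\Windows\Temp\'              # system temp
)

function Test-SuspiciousPath {
    param([string]$Path)
    foreach ($d in $suspiciousDirs) {
        if ($Path -like "*$d*") { return $true }
    }
    return $false
}

# Legacy (XP/2003) firewall exception list; values look like "<path>:*:Enabled:<name>"
$firewallList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
if (Test-Path $firewallList) {
    $key = Get-Item $firewallList
    foreach ($name in $key.GetValueNames()) {
        $value   = [string]$key.GetValue($name)
        $exePath = ($value -split ':\*:')[0]          # part before ":*:" is the program path
        if (Test-SuspiciousPath $exePath) {
            Write-Output "Firewall exception for program in temp location: $exePath"
            # -LiteralPath: the file name may contain [1], which Test-Path would treat as a wildcard
            if (-not (Test-Path -LiteralPath $exePath)) {
                Write-Output "  (file no longer exists - stale entry, safe to remove)"
            }
        }
    }
}

# Autostart entries: anything launched from a temp folder deserves a look
foreach ($runKey in @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                      'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')) {
    if (-not (Test-Path $runKey)) { continue }
    $key = Get-Item $runKey
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if (Test-SuspiciousPath $cmd) {
            Write-Output "Run entry '$name' launches from temp location: $cmd"
        }
    }
}
```

Run it from an elevated PowerShell prompt; entries it lists are candidates to review (and to remove with the cleanup tool you are already using), not automatic verdicts, since some legitimate installers briefly register from temp folders too.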
Actually, before I went to bed I scanned with MBAM one last time just for kicks and this little baby showed up at the party. I then removed it and rebooted, and then the system loaded up like normal and the system tray lit up like a Christmas tree. Avast and Comodo FW are now resident. Now I will go on to uninstalling some of the programs mentioned which I couldn’t before.
Looks good ;D
Once you have uninstalled that which you no longer need let me know of any problems
Here are the logs. Everything seems to be running smoothly. I haven’t fixed Windows Update yet, have to wait cause I have to go out.
OK once you have run the windows update fix let me know what problems remain
Windows Update fixed, running OK so far, 30 minutes no probs. Will run a few programs in the next few hours and report if needed.
just need to clean up after.
Aye we will do that once you are happy ;D
Everything OK for now 8), so please help me clean up
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 24.
- Click the “Download” button to the right.
- Select your Platform and check the box that says: “I agree to the Java SE Runtime Environment 6 License Agreement.”
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u24-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager…
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u24-windows-i586.exe and select “Run as an Administrator.”)
SPRING CLEAN
Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
- Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
Actually I have OTS, I have lost the OTL. Is it the same scan parameters?
For OTS it is :
Paste the following into the fix box
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
and select run fix. OTS removal is the same as OTL
@ Commie,
I did not hear back from you after doing your clean up and letting your machine run… I don’t know if this is a good or bad sign. In any case, I wanted to give you some suggestions in addition to the ones given to you by Essexboy to keep you and your machine safer in the future:
- Keep your definitions up to date for both Avast and MBAM.
- Keep all your shields on with Avast.
- Update MBAM prior to scanning, then do Quick scans.
- Keep your MS Updates current.
- Add security related add-ons to your browsers for safer browsing. See my Signature as an example.
- Use common sense when browsing and do not go to risky sites.
- When downloading software, read what you are clicking and do not download adware toolbars which are commonly opted in; look before you click or do a Custom install to avoid putting unwanted toolbars on your machine that lead to spyware tracking or adware.
- Check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software is changing all the time. This site gives you the vendor’s direct download link making it easy to upgrade your software. Many of us here scan our machines weekly.
If you feel that your issue is now resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed. Thank you for letting us assist you.
Thank you, I’m a newbie to this forum and didn’t know ???. RESOLVED it is.