Finioshed Read Me first- freezing and acting strange

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.

 

A false positive from Norman.

Yes please I would not mind seeing what you fixed on your own.

Now MalwareBytes is outdated so please open up the program > use the update tab > rescan > fix all it finds > and attach the log regardless of whether it found anything or not into your next reply.

You also have combofix running from the wrong location and not in the location we requested it to be in, which was directly on your desktop. Please get it moved there now before we continue on.

Please attach the log from running SUPERantispyware in the below location:

Please download HelpAsst_mebroot_fix.exe by noahdfear and save it to your Desktop

• Double click HelpAsst_mebroot_fix.exe to run it and follow any prompts.
  • If the tool detects an mbr infection
    • please allow it to run mbr -f and shutdown your computer.
    • Upon restarting, please wait about 5 minutes after bootup, and then click Start>Run and type the following bolded command, then hit Enter.
      • helpasst -mbrt
    • Make sure you leave a space between helpasst and -mbrt
    • When it completes, a log will open.
    • Attach this log to your next message.
  • If the tool DOES NOT detect an mbr infection and completes running:
    • Click Start>Run and type the following bolded command, then hit Enter.
      • mbr -f
    • Make sure you leave a space between mbr and the -f
    • Now, please do the Start>Run>mbr -f command a second time.
    • Now shut down the computer (do not restart, you must shut it down), wait a few minutes then start it back up.
    • Give it about 5 minutes after the bootup and then click Start>Run and type the following bolded command, then hit Enter.
      • helpasst -mbrt
    • Make sure you leave a space between helpasst and -mbrt
    • When it completes, a log will open.
    • Attach this log to your next message.

No matter what happens with the above, attach the above logs and then immediately continue with the below in normal boot mode!




Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

File::
C:\WINDOWS\DUMP92e9.tmp
C:\WINDOWS\TEMP\$$$dq3e
C:\WINDOWS\TEMP\$67we.$
Folder::
c:\documents and settings\HelpAssistant

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now go to this MGTools and download the new version of MGtools.exe to you C Drive! Not in any other location like you had it before.

Run the new MGTools.exe and attach the C:\Mglogs.zip into your next reply as well as the logs from SUPERantispyware, MBAM, and the logs from running HelpAsst_mebroot_fix.exe.

Let me know how things are running now, please.

 

I changed the order of my fix and edited last night. I apologise. I need you to re-run the fix as from the HelpAsst_mebroot_fix.exe Step onwards.

Then attach the log from that and also the C:\Mglogs.zip after running all the steps after the Help Assistant step.

Thanks.
Kes13!

 

Do you have your Windows Home Edition CD handy? If not we may have to have you make a boot CD.

 

Boot to the Recovery Console and run the fixmbr to clear a Master Boot Record infection that you have.

You can read the below to help you do this:

http://support.microsoft.com/kb/307654


After running the fixmbr command and boot back to normal mode, continue with the below.

Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.