Followed the steps but ComboFix didn't work...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by int_architect, Jan 12, 2011.

  1. int_architect

    int_architect Private E-2

    Hi,

    I'm new to the community and well before learning of this community, I performed some scans that uncovered some issues. However, after following the steps, nothing comes up and ComboFix wouldn't work once it reached the scanning phase (no HDD activity for 30 mins or more). All other logs are attached. I'm just not sure my system is clean. Thanks in advance for your time and assistance.

    _Dan
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    Please be patient while I review your logs and workup a fix.

    dr.m
     
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    int_architect

    Did you "Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix" as instructed? Did you receive any popup warnings from Kaspersky as stated in Windows XP Malware Removal/Cleaning Procedure - Step 1?

    *Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately, leaving only shortcut links. [ C:\Documents and Settings\Dan\desktop ] Do not store downloads, exe files, iso files, etc. on your Desktop. First, it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PC's performance.


    Step 1:
    Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 3:
    Now Copy the bold text below to notepad. (Do not include any space above the word "REGEDIT4") Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me whether or not you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Step 4:
    Using Windows Explorer - Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    Step 5:
    Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!


    Step 6:
    Now reboot your machine and install the latest Sun Java Runtime Environment

    Step 7:
    Please try again to run ComboFix according to the instructions. Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the new C:\MGlogs.zip file to your next reply.

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
  4. int_architect

    int_architect Private E-2

    dr.m,

    Just wanted to post a quick reply. I did have my AV turned off (paused) but didn't get a popup or anything - I'm using Kaspersky, which also is my firewall. I won't be able to implement your instructions until late this evening when I return home, but I will do it tonight and post my results/logs. Thanks again.

    _D
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome!

    I just would like to see CF's log, if possible. If you still can't get it to run, then please get me the logs from the below:

    Please download OTL by OldTimer, saving it to your desktop:
    • Close all open windows on the Task Bar. Double-click the OTL icon to start the program and let it run uninterrupted.
    • When the window appears, underneath Output at the top - change it to Minimal Output.
    • Under the Standard Registry box, change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Now click the Run Scan button at top left and let the program run - the scan may take 5-10 minutes.
    • Do not TOUCH your keyboard until the scan completes!
    • It will produce two (2) logs on your desktop, one will pop up called OTL.txt and the other - Extras.txt. These logs are saved normally directly under your C:/ directory.
    • Now exit Notepad.
    • Exit OTL by clicking the [X] at top right.

    Attach both OTListIt.txt and Extras.txt logs to your next reply.

    dr.m
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    ;)

    Seeing that you're online - let's also run an online scan, as I've only found minor things to deal with so far.

    Using ESET's Online Scanner
    NOTE: This scan can take more than an hour, so be patient!

    Attach this log also with your next reply.
    dr.m
     
  7. int_architect

    int_architect Private E-2

    Just logged out. Wanted to take advantage of a few extra minutes I had before leaving again. Did do everything up to rebooting before installing Java. Registry merge was successful. Should I do the online scan after everything else you recommended?
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Yes, as the last step - then attach all to your reply.

    dr.m
     
  9. int_architect

    int_architect Private E-2

    Tried combofix again with same result. Will try your other suggestion once my system allows my network stuff to load. That's one problem I started having: after every restart or bootup, I can't open a program or window for 30 mins or so. Btw, I'm posting this from my phone.
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :)

    I'll watch for your replies.
     
  11. int_architect

    int_architect Private E-2

    Ok. ESET took almost 5 hours to scan but it's finished. Here are the logs. ComboFix won't scan. The biggest issue I'm having right now is my system freezing after reboot/restart for about 30 mins. However, I haven't rebooted since Step 6. Logs attached. Thanks again and sorry it took me so long to get back to you. I even cleaned up my desktop :-D

    _D
     

    Attached Files:

  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    *We have some cleanup to do as Uniblue's "Driver Scanner" looks to be uninstalled.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      
      :OTL
      O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
      
      :Files
      C:\Documents and Settings\All Users\Uniblue
      C:\Documents and Settings\Dan\Application Data\Uniblue
      
      :Reg
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "DriverScanner"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
      
      :Commands
      [EMPTYTEMP]
      [EMPTYFLASH]
      [REBOOT]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button.

    Please attach the new log it produces in your next reply.

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
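
An OTL fix script is read by the tool rather than by a person, so it helps to be able to see what a script will do before running it. The following Python is an added example written for this page (it is not OTL's code and was not posted by anyone in the thread): it parses an abridged copy of the script above into a list of planned actions, a dry run. The section meanings it assumes are: `:OTL` lines name log entries to remove (here the orphaned `O4` Run value), `:Files` paths are quarantined, `:Reg` uses .reg-file syntax where `[-KEY]` deletes a key and `"name"=-` deletes a value under the preceding `[KEY]` header, and `:Commands` are OTL built-ins.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Abridged copy of the OTL fix script posted above (the Security Center
# monitoring keys are cut to one), embedded inline so the example runs offline.
OTL_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found

:Files
C:\Documents and Settings\All Users\Uniblue
C:\Documents and Settings\Dan\Application Data\Uniblue

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[REBOOT]
"""


@dataclass
class Action:
    section: str   # script section the line came from
    kind: str      # planned operation (assumed OTL semantics, see lead-in)
    target: str    # what it acts on: log entry, path, registry key/value, command
    detail: str = ""


OTL_LINE_RE = re.compile(r"^(O\d+)\s*-\s*(.*?):\s*\[(.*?)\]\s*(.*)$")
REG_VALUE_RE = re.compile(r'^"(.*)"=(.*)$')


def parse_otl_script(text: str) -> list[Action]:
    """Translate an OTL fix script into planned actions without executing anything."""
    actions: list[Action] = []
    section = None
    current_key = None  # last "[KEY]" header seen inside :Reg
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):             # section header such as :Reg
            section = line[1:].lower()
            current_key = None
            continue
        if section == "otl":
            m = OTL_LINE_RE.match(line)
            if m:
                actions.append(Action("OTL", "remove_entry",
                                      f"{m.group(2)} [{m.group(3)}]", m.group(4)))
            else:
                actions.append(Action("OTL", "remove_entry", line))
        elif section == "files":
            actions.append(Action("Files", "quarantine_path", line))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(Action("Reg", "delete_key", line[2:-1]))
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]      # header: values below belong here
            else:
                m = REG_VALUE_RE.match(line)
                if m and current_key:
                    name, value = m.groups()
                    kind = "delete_value" if value == "-" else "set_value"
                    actions.append(Action("Reg", kind, f"{current_key}\\{name}", value))
        elif section == "commands":
            actions.append(Action("Commands", "builtin", line.strip("[]").lower()))
    return actions


def summarize(actions: list[Action]) -> dict:
    """Count planned actions by kind, a quick sanity check before running a script."""
    counts: dict = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


if __name__ == "__main__":
    plan = parse_otl_script(OTL_SCRIPT)
    for a in plan:
        print(f"[{a.section:>8}] {a.kind:<16} {a.target}")
    print(summarize(plan))
```

Run as-is, it lists eight planned operations: one Run entry removed, two folders quarantined, one registry value and one key deleted, and three built-ins. Reviewing a script this way is how you confirm that a fix touches only the leftovers it is meant to (here the Uniblue remnants and stale Security Center monitoring keys) and nothing else.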
     
  13. int_architect

    int_architect Private E-2

    dr.m,

    Question: Should I set OTL up like the previous scan or just paste in the script and let it run?
     
  14. int_architect

    int_architect Private E-2

    dr.m,

    Ran OTL - log attached. Btw, my system still stalled for 30 mins after OTL scanned and rebooted before running the quick scan. I have a question about some things I saw in the log, but not sure what they mean, pasted below:

    O1 HOSTS File: ([2010/11/30 18:58:28 | 000,425,925 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
     

    Attached Files:

  15. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    These are entries that have been added to your Hosts File to actually prevent you from being able to go to these malware sites.
    *Please be patient while I ask the team to also look at your logs to see if they detect something.

    dr.m
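
As an added example (editor's code, not from the thread or from OTL), the hosts entries int_architect pasted can be sorted mechanically instead of by eye. The script below reads lines in OTL's `O1 - Hosts:` log format, pulls the file size out of the `O1 HOSTS File:` header, and classifies each entry: a name pinned to loopback or 0.0.0.0 is sinkholed (the blocking dr.m describes), a name pointing at a routable address is a redirect that a responder checks first, and a pinned name from a short list of sites the user expects to reach is flagged as legitimate-but-blocked. The sample input copies the header and three entries from the log above; the `.test` names, the `203.0.113.5` address and the protected-name list are constructed for the example.

```python
import ipaddress
import re

# Constructed sample in the OTL log format. The header and the first three
# "O1 - Hosts:" lines are copied from the log above; the .test names and the
# 203.0.113.5 (documentation range) address are made up for this example.
OTL_LINES = r"""
O1 HOSTS File: ([2010/11/30 18:58:28 | 000,425,925 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 203.0.113.5 update.security-vendor.test
O1 - Hosts: 127.0.0.1 www.security-vendor.test
"""

# Names the user expects to reach (constructed list). If one of these is pinned
# to loopback, the hosts file is blocking something legitimate, e.g. an
# antivirus update server, which is a common side effect of malware.
PROTECTED_NAMES = {"www.security-vendor.test"}

# Entries every hosts file carries; not worth reporting.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
SIZE_RE = re.compile(r"^O1 HOSTS File:.*?\|\s*([\d,]+)\s*\|")


def classify(ip: str, name: str) -> str:
    """Label one hosts entry: default, sinkhole, blocked_protected, redirect or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    name = name.lower()
    if name in DEFAULT_NAMES:
        return "default"
    if addr.is_loopback or addr.is_unspecified:
        # Pinned to 127.x or 0.0.0.0: the name can no longer be reached.
        return "blocked_protected" if name in PROTECTED_NAMES else "sinkhole"
    # Any other address: lookups for this name are silently sent elsewhere.
    return "redirect"


def audit_hosts_log(text: str) -> dict:
    """Parse OTL O1 lines into a report with file size, per-entry labels and counts."""
    report = {"size_bytes": None, "entries": [], "counts": {}}
    for line in text.splitlines():
        m = SIZE_RE.match(line)
        if m:
            report["size_bytes"] = int(m.group(1).replace(",", ""))
            continue
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, name = m.groups()
        kind = classify(ip, name)
        report["entries"].append((name, ip, kind))
        report["counts"][kind] = report["counts"].get(kind, 0) + 1
    return report


if __name__ == "__main__":
    r = audit_hosts_log(OTL_LINES)
    print(f"hosts file size: {r['size_bytes']} bytes")
    for name, ip, kind in r["entries"]:
        if kind not in ("sinkhole", "default"):   # only the entries worth a look
            print(f"{kind:>18}: {name} -> {ip}")
    print("counts:", r["counts"])
```

Run as-is, it reports the 425,925-byte file, the one redirect and the one blocked protected name, and counts the rest as sinkholes. One caveat worth knowing when a file is this large: on Windows XP the DNS Client service caches the entire hosts file, so a blocklist of several thousand entries can slow name resolution, which is why the maintainers of such lists usually advise turning that service off.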
     
  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    int_architect

    Please go to Jotti's malware scan
    (If more than one file needs to be scanned they must be done separately and logs posted for each one)
    • Copy these file paths in the below Code box:
    • At the upload site, click the browse button.
    • Next click Submit file
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    • This will perform a scan across multiple different virus scanning engines.
    • Important: Wait for all of the scanning engines to complete.
    • Once the scans are finished, Copy and then Paste the links in the address bar into your next reply.

    Please run OTL by OldTimer
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :Reg
      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{61cd65e0-4af2-11df-9bfc-00042398beb7}]
      
      :Commands
      [EMPTYTEMP]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button.

    Please attach the new log it produces and the links to Jotti's malware scan results in your next reply.

    How is your machine running?
     
  17. int_architect

    int_architect Private E-2

    Attached Files:

  18. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    int_architect

    I see no malware in your logs as a cause - please visit our Software Forum for further assistance.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Safe surfing!
     
