Malware desperation...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Abacaxi, Sep 18, 2010.

  1. Abacaxi

    Abacaxi Private E-2

    I started on Wednesday, some Avast warning about a virus which was then removed. All well. Later that day my email addresses were hijacked, so obviously something was wrong, and Avast found the same virus again; it was bubnix bubak something. I then read some of these threads and started trying the different ComboFix, MGtools, SUPERAntiSpyware, Kaspersky online scanner and Malwarebytes. Every one found different stuff to complain about and I tried to correct things, as I've always been able to fix things myself before.
    But this morning no antivirus programs would run, and the browsers don't open.
    I then downloaded the portable SAS version to another PC (this one), renamed it and ran it on the infected PC. It hung scanning the registry keys.
    After that I rebooted and double-clicked Avast. Miracle, it started, but so terribly slow. It's already been two hours, working, but still on 1%.
    So tired, can't even write complete sentences anymore.

    Any solutions? please?
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please try to follow everything in the READ & RUN ME FIRST. Malware Removal Guide

    You may need to try running the scans in safe mode and / or renaming them as suggested. We need to see the logs in order to assist you.
     
  3. Abacaxi

    Abacaxi Private E-2

    Ok, so I started with the different things on the list. As it was impossible to uninstall anything (PC crashed), I booted in safe mode and uninstalled Malwarebytes. PC crashed, but only after the uninstall. Am now downloading all the programs again, as the Internet started to function after the MGtools removal and Malwarebytes removal.
    Will get back with logs.
    Kisses

    Edit: in safe mode, there's another user besides me, called Administrator, with a skater as avatar. I certainly never put any skater as admin of my PC; is this normal?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, it is normal to have the Admin account in safe mode. It is assigned an avatar by default.
     
  5. Abacaxi

    Abacaxi Private E-2

    First three logs...

    All the scanning went well, except for ComboFix, which froze the PC.
     

    Attached Files:

  6. Abacaxi

    Abacaxi Private E-2

    One more.
    Seems MGtools didn't work; there's no log in the folder indicated by the READ ME. Will try again.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where exactly are you looking for the log and what file name are you looking for?


    The C:\MGtools folder was created, as I can see this in your ComboFix log, which is strange since MGtools.exe was not supposed to be run before ComboFix.
     
  8. Abacaxi

    Abacaxi Private E-2

    Found it.
     

    Attached Files:

  9. Abacaxi

    Abacaxi Private E-2


    Yes, sorry,

    I had already done all this yesterday, or maybe on Thursday. Can that leave traces?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MGtools did not finish running. Please do the below and make sure you close all browser Windows before hand.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis. You may see a license agreement from TrendMicro. You need to click the Accept button twice to accept this license. Then when the program loads, select Do a system scan and save a logfile.

    When the above finishes running, a Notepad file will open with the hijackthis.log in it. Just close it. The file is already saved in your C:\MGtools folder.

    Now I need you to run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you allow GetLogs.bat to finish running. It will tell you when it finishes.
     
  11. Abacaxi

    Abacaxi Private E-2

    That was COMODO stopping it.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You say your problems began on Wednesday. That is the same day you installed DAEMON Tools Toolbar according to your logs. Did your problems start after installing this? Also it looks like you did not complete step 6 of the READ & RUN ME to disable this disk emulation software.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Now run CCleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  13. Abacaxi

    Abacaxi Private E-2

    I really thought I uninstalled it; haven't used Daemon for ages. I uninstalled it instead of doing the DE disabling as part of the READ ME. My problems started before that. But instead you say I installed a toolbar?
     
  14. Abacaxi

    Abacaxi Private E-2

    I hope I didn't mess things up again.

    Logs:
     

    Attached Files:

  15. Abacaxi

    Abacaxi Private E-2

    Good morning.

    Things got worse this morning so I am again using the uninfected computer, with my son cursing me...

    In normal mode nothing would run, so I started in safe mode and did a RootRepeal (I really need to do something, can't just sit there and look at it slowly getting worse). RootRepeal showed two strange files under the Skype folder, so I force deleted them. Hope that was ok.
    I also uninstalled ComboFix and Malwarebytes.
    Tried to uninstall MGtools, but the computer won't let me, saying Windows Installer didn't load.

    After that I booted in normal mode, managed to open a browser, and am now trying a Kaspersky online scan. Extremely slow.

    EDIT: should I give up and just format the whole thing?

    Avast is giving error messages.
    Acer ePower technology is giving error messages about a PSD disk that isn't mounted.
     
    Last edited: Sep 19, 2010
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What happened after posting your logs in message # 14, where everything was still working? Was the PC being used by anyone for anything other than coming here to repair it? Nothing we removed in the last fix would cause the problems you mentioned.

    What exactly would happen and what were you trying to run? Did the PC boot up okay and could you login?

    Very bad idea. As stated in the READ & RUN ME, you should only be doing what we ask you to do. Doing things on your own could result in you deleting files necessary for your PC to operate.

    Why?? There is no reason to do this and how did you "uninstall" ComboFix?

    MGtools is not truly installed and does not require or use an installer program like this and you should not be removing it anyway until requested. We cannot help you if you remove the tools you need to give us the information required to give you this help.

    Things were proceeding just fine. I'm not sure why this should be necessary. What is your current status? You will have to attach a new log from MGtools after running the GetLogs.bat file so we can get some new information.

    What error messages exactly and when do they occur?

    I have no idea what this is, but this was not occurring previously, and nothing we have done would affect any Acer files. What have you or someone else been doing in between fixes, and exactly what did you remove with RootRepeal?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In addition to the new MGtools log, see if you can do the below.

    Download TDSSKiller from Kaspersky directly onto your Desktop.
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7, do not double click on it but rather right click and select Run As Administrator).
    • Allow the application to run if prompted by Windows or any security programs you have installed.
    • It will start the scan, run rather quickly, and notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and the date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post)
     
  18. Abacaxi

    Abacaxi Private E-2

    I'm sorry, chaslang, I panicked this morning when everything was slowing down again.

    And of course I started messing with it again. I perfectly understand if you get so tired of me you decide to drop my case. Anyway, here are the latest developments:
    At one point in my desperation (I couldn't even save work files on the memory card, the computer would just freeze) I started to suspect COMODO, which I had installed somewhere along the way, before looking for help here.

    It was impossible to uninstall.

    So I booted into safe mode, opened a DOS window and deleted the COMODO directory.

    Then I rebooted a couple of times, until the PC started to work again. :)
    I then managed to uninstall it properly from the Control Panel.

    Strange thing: At one point during the whole process I noticed a folder called VritualRoot (wrong spelling like that) under C:\

    It is now gone.

    TDSS comes out clean it seems.
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  20. Abacaxi

    Abacaxi Private E-2

    Right now it's working fine, I think. That is, I'm finally at work.

    MGtools gives an exception error, but finishes. Ran it twice, the second time with Avast stopped. Same error.
     

    Attached Files:

  21. Abacaxi

    Abacaxi Private E-2

    Ok, good morning!

    PC working fine, error messages disappeared.

    Did a Kaspersky online scan, and it found Trojan-Dropper.

    Am very very tempted to start messing with this. But will wait this time.
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated earlier, you are not supposed to be doing anything except what is requested by us. Kaspersky did not find anything valid. These are all false detections.


    Your logs are clean.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START then RUN, enter the below into the run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  23. Abacaxi

    Abacaxi Private E-2

    Ok, will do all the stuff.
    Thanks so incredibly much for your patience!

    PS: why don't you guys have a donate button? I'm far too not-geek for the kind of tees you're selling on Jinx (you could design a white shirt without any prints?)... I would have bought a tee anyway, but stuff never arrives here in Brazil.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Donate to your favorite charity. That would make us happy. ;)
     
  25. Abacaxi

    Abacaxi Private E-2

    :)
    Will put some more money into the KIVA circuit.

    Kisses
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! Surf safely!
     
