Malware removal process and logs attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by muchwork, Dec 1, 2008.

  1. muchwork

    muchwork Private E-2

    I discovered A9Installer (the icon was for set up so it was not yet installed) on my computer and did a google on it and came to your website with the forum that takes you through the long arduous process of malware removal. I performed the whole thing from beginning to end and have attached the logs in hopes that you will review them and let me know if all is well.

    There are a couple of things I encountered in the process you should be aware of:
    During the Combofix process the following things occurred:

    1. I received a message that a firewall had blocked a potential virus during the process (didn't write down what it said but I assume it is the one you mentioned called Huar.Invader...at least I think that's what you called it). I thought I had disabled the firewall (McAfee) but I am thinking maybe it was the Windows firewall that I possibly failed to disable.

    2. I did not get the window that said: "Almost done...this window will close in a short while. Please wait a few seconds for the report log to pop up. ComboFix's log shall be located at C:\ComboFix.txt"

    Instead it went straight to a display of the log. I did a 'save as' to the desktop and closed the log and got a brown screen. No icons, no nothing. I then pressed Ctrl-Alt-Delete to reboot. I got the usual window and clicked 'end program'. Then I went to the 'shut down' tab and the drop-down menu showed up and I clicked on 'restart'. The computer restarted just fine. However, my desktop was no longer 'Mater' from the movie Cars; it is now just plain ole brown.
     
  2. AbbySue

    AbbySue MajorGeeks Administrator

  3. muchwork

    muchwork Private E-2

    I think I forgot to hit the "upload" button the first time around.
    Also, I tried to send a second message so I could attach the 4th log in a separate message but, being new to this forum thing, I was unable to figure it out. I will try to figure it out again. Otherwise, I will wait until you reply again and send it then. Sorry for being such a dunce regarding this. :confused
     

    Attached Files:

  4. muchwork

    muchwork Private E-2

    Last log attached.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm reviewing your logs now. Are you still having any malware problems right now?
     
  6. muchwork

    muchwork Private E-2

    No, I am not having any problems.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good because your logs say you are in pretty good shape. We just have a few minor things to do.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    After clicking Fix, exit HJT.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    As long as you get a success message from the below registry patch then you can continue on to the below final instructions.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
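As an added example that is not part of the thread or of chaslang's instructions, here is a read-only PowerShell script that inspects the two registry locations behind the HijackThis lines above (the ShellNext value and the TkBellExe entry in the HKLM Run key), lists every entry in the standard Run keys so unexpected autostarts stand out, and reports whether the executable an autostart points to still exists on disk. It assumes a PowerShell console on the affected machine and changes nothing; the labels and key list are constructed for this example.

```powershell
# Added example, not from the thread: read-only check of the registry
# locations the HijackThis R1/O4 lines above refer to. Nothing is modified.
$checks = @(
    @{ Label = 'R1 ShellNext'
       Path  = 'HKCU:\Software\Microsoft\Internet Connection Wizard'
       Name  = 'ShellNext' },
    @{ Label = 'O4 HKLM Run TkBellExe'
       Path  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
       Name  = 'TkBellExe' }
)

foreach ($c in $checks) {
    if (-not (Test-Path $c.Path)) {
        Write-Output "$($c.Label): key $($c.Path) not present"
        continue
    }
    $item  = Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue
    $value = $item.($c.Name)
    if ($null -eq $value) {
        Write-Output "$($c.Label): value '$($c.Name)' not present (already fixed or never set)"
        continue
    }
    Write-Output "$($c.Label): $($c.Name) = $value"
    # For a Run entry such as "C:\...\realsched.exe" -osboot, pull the quoted
    # executable path out and confirm whether that file still exists, so you
    # know which binary the autostart would actually launch.
    if ($value -match '^"([^"]+)"') {
        $exe    = $Matches[1]
        $exists = Test-Path -LiteralPath $exe
        Write-Output "    launches: $exe (exists on disk: $exists)"
    }
}

# Also list every autostart in the standard per-machine and per-user Run keys
# (the PS* properties are PowerShell's own metadata, not registry values).
foreach ($hive in 'HKLM', 'HKCU') {
    $runKey = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    if (Test-Path $runKey) {
        Write-Output "Entries under $runKey"
        Get-ItemProperty -Path $runKey |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}
```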
  8. muchwork

    muchwork Private E-2

    I followed your instructions to the letter and I DID receive the success message about adding it to the registry.

    I proceeded from there with steps 1 - 9 you sent and I encountered a few things I have questions about. Below is a summary of each step:

    1. I kept SAS and Malwarebytes like you recommended.
    2. ComboFix uninstalled perfectly.
    3. I deleted CCleaner with no problem. I tried to uninstall SpyBot Search and Destroy and received a two paragraph warning. The second paragraph gave the following message: " Are you really sure you want to completely remove Spybot-Search and Destroy and all of its components instead of trying the Undo functions first?" Is it OK to go ahead and uninstall it?
    Should I delete the logs I sent to you? Can I delete messengerdisable.zip and WindowsXP-KB310994-SP2Home-BootDisk-ENU.exe from the desktop?
    4. I deleted fixme.reg from the desktop
    5. Not Applicable - I am running XP
    6. I uninstalled HijackThis. I received a message that it may have already been uninstalled and asked if I wanted to remove the name from add/remove programs. I clicked yes. Hope that was OK.
    7. Deleted C:\MGlogs.zip and C:\MGtools.exe file without a problem. When I tried to delete the C:\Mgtools folder I received the following message:
    "Renaming, moving or deleting MGtools could make some programs not work. Are you sure you want to do this?" I clicked no until I could get an answer from you that it would be ok. Can I click yes when I get this message?

    8. Haven't done this yet. Waiting to hear back from you on the above items before I proceed.
    9. Haven't done this yet either.

    I believe that covers all my questions. Thanks for all the help you are giving me. Your time and effort is MUCH appreciated! :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't need to uninstall Spybot. In fact it is part of what you will see in the link in step 9 (when you get to it) that you should install and keep.

    Did you read step 3? ;)

    Just delete the folder and ignore this warning as it is incorrect if you had already uninstalled HijackThis.
     
    Last edited: Dec 6, 2008
  10. muchwork

    muchwork Private E-2

    I completed numbers 8 and 9. Rather than using the AV and firewalls you suggested, I currently have McAfee so I thought I'd just leave well enough alone and maybe I'll change when it expires.

    Question - Mcafee occasionally gives me a warning of a PUP called Tool-NirCmd and tells me it blocked it. Should I allow this program or not? What is it?

    Also, during this whole Malware removal process I did encounter another warning from McAfee regarding PrcViewer. Should I allow this or not? I think I allowed it when it came up. Not sure though.

    If I purchase SAS and Malwarebytes so they become real time, do they perform like AV or are they in addition to that? Asking just so I know when the time comes that my McAfee expires.

    Regarding your instructions from #9 on SunJava. I seem to remember being instructed to do that during the Malware removal process and then to install the latest version from the SunJava website. I remember doing that. I now have a desktop icon that says: Java(TM)6 Update 10. Is that the right one?

    I use Firefox (have for a long time) but IE is still on my computer. Can I uninstall it or not? Because I don't use IE I didn't do anything regarding the Active X instructions. Should I do it even if I don't use IE?

    Lots of questions, I know, but I feel like since I've come this far I might as well be thorough about this. I saw that you recommended cleaning your computer twice a month. Does that mean using SAS and Malwarebytes or does that mean going through the entire process of Malware removal as instructed on this website?

    Thanks again for the help! :cool
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    PUP = Potentially Unwanted Program, which in most cases is nothing to worry about. NirCmd is a valid program (i.e., not a problem) put on your PC and used by ComboFix. Did you uninstall ComboFix? Did you toggle System Restore? You can delete the nircmd.exe file (if it still exists) if you want to avoid this message.

    This is also a valid program but you need to be more specific when you tell us a problem is being found. We need to know the exact full path to the file and the file name to make sure it is the valid program.

    They are not antivirus programs. They are antispyware programs. You still need an AV. Just like if McAfee does not include an antispyware program, you need one. Also if it does not have a firewall, you need one.

    They are up to update 11 now.

    NO!! You need it. It is an integral part of your Windows OS. You will not be able to access many websites without it and you will not be able to download all updates from Microsoft without it.

    Yes!

    Just running scans with the below are sufficient unless you have malware problems:
    1. your antivirus - make sure it is kept up to date
    2. SAS & MBAM - always update before running scans
    3. CCleaner to remove junk build up.
     
