MGtool can't run and it's back to previous condition

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by onyk, Dec 18, 2010.

  1. onyk

    onyk Private E-2

    dear all,

    I have had problems with malware, a trojan and a fake "hotpoint" for about 2-3 weeks now, and I have already scanned with SAS and MBAM as my friend recommended. They found 3 trojans and, after quarantining them, all of them were deleted. I also scanned again with the free Avira Personal and it found 1 malware, like this..

    The file 'C:\Qoobox\Quarantine\MBR_HardDisk0.mbr'
    contained a virus or unwanted program 'BOO/Alureon.A' [virus]
    Action(s) taken:
    The file was moved to '4d5e4297.qua'!

    I have also already run the READ & RUN ME FIRST and everything seemed to be ok until I ran MGtools... suddenly my computer turned off and on many, many times until I cut the electric power.

    For now I have a very, very slow internet connection, and I also have a yellow shield under my desktop icons with a "download update 1%" window every time I connect to the internet. What am I supposed to do? Is it necessary to run the READ & RUN ME FIRST again? Advice please..
     
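Editorial note and added example, not part of the thread above: C:\Qoobox\Quarantine is ComboFix's quarantine folder, and MBR_HardDisk0.mbr is the copy of the master boot record that ComboFix saves there, so the BOO/Alureon.A hit Avira reports in the first post was on that saved copy, not on the live sector. TDSSKiller, which the helper asks for later in the thread, is the tool that checks the live MBR. The script below shows what such a check does with a 512-byte MBR image: parse the partition table, verify the 0x55AA signature, and compare the boot code against a hash recorded on a known-clean system. The images, boot-code bytes and baseline hash are constructed for the demo; the baseline-hash comparison is this example's own technique, not a description of TDSSKiller's internals.

```python
"""Inspect a 512-byte MBR image the way a bootkit check does (added example).

The MBR field layout is the standard one; the images, boot code and
baseline hash below are constructed for the demo, not taken from a real disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 446      # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
SIGNATURE_OFF = 510     # 0x55 0xAA closes the sector


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into a boot-code hash, partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        partitions.append(
            {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
    }


def mbr_findings(mbr: bytes, baseline_bootcode_sha256: str) -> list:
    """Return human-readable findings; an empty list means nothing looked odd."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid partition status byte 0x{p['status']:02x}")
    return findings


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed MBR: given boot code, one active NTFS partition, valid signature."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 2_097_152)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"


# "Known good" image and the baseline hash you would record on a clean system.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()
# Same partition table, but the boot code has been replaced: an MBR bootkit
# keeps the partition table intact so the system still boots normally.
PATCHED_MBR = build_sample_mbr(b"\xeb\x1e\x90" + b"\x00" * 10)

if __name__ == "__main__":
    print("clean image:  ", mbr_findings(CLEAN_MBR, BASELINE))
    print("patched image:", mbr_findings(PATCHED_MBR, BASELINE))
```

To run this against a real disk, read the first 512 bytes of the raw device with administrator/root rights (`\\.\PhysicalDrive0` on Windows, `/dev/sda` on Linux) and record the baseline hash while the machine is known to be clean; a hash mismatch alone is not proof of infection, since legitimate tools (boot managers, some imaging software) also rewrite boot code, so treat it as a reason to look closer, not a verdict.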
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    You need to attach the logs that we requested from the below tools:
    • SUPERAntiSpyware
    • Malwarebytes
    • ComboFix
    • RootRepeal
    Also check to see if MGtools made the C:\MGlogs.zip file. If it did then attach the MGlogs.zip file too.
     
  3. onyk

    onyk Private E-2

    Hi Chaslang,

    thanks for your time.
    here the log
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the log from MGtools that was created, as I requested. It is on your PC per the ComboFix log:
    Code:
    2010-12-16 15:06 . 2010-12-16 15:04 95255 ----a-w- C:\MGlogs.zip
    Then also complete the below.


    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if asks you what to do when if finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
     
  5. onyk

    onyk Private E-2

    For more information... my computer is a semi-public computer, meaning this computer is used by my whole family in my house, including my sister, whom I suspect of spreading the virus because she uses a flash disk that is sometimes used on public computers and at her university.

    I also noticed a new shutdown window when I want to turn off my computer, which says to install a Windows system upgrade when turning off.

    thanks bro.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We were posting at the same time. See my message below and run TDSSkiller.
     
  7. onyk

    onyk Private E-2

    this is the log
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean now, but you do need to put your PC into normal startup mode with MSconfig as was requested in step 4 of the READ & RUN ME.


    Are you currently having any malware problems?
     
  9. onyk

    onyk Private E-2

    I did turn my startup back to normal startup and it seems ok for all the processes.. but I notice there is still something wrong. Here I upload my msconfig startup mode (hehe, forgive me.. I don't know what to call it). Every time I connect to the internet a small yellow shield always appears in the lower right corner; for now its download increases and decreases somehow, and when I turn off my computer it always asks to install updates before it turns off. Here I also put my computer's processes: the "wuauclt.exe" turns on and off continually, and for now I am only running my Firefox and a Paint window. I feel it is better but still not a normal condition (boot time is also still long). What should I do now?
     

    Attached Files:

    • tm.JPG (58.8 KB)
    • msc.JPG (52.9 KB)
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Normal. You need to install your Windows Updates, which is what the wuauclt.exe program is part of.

    Normal boot mode takes longer to boot while all of your startups load. The READ & RUN ME gave you info on dealing with this at the end of step 4 ( see: Dealing with Startup Process )

    In the second snapshot you attached, there are two corrupted registry keys ( I cannot see the full name from your snapshot ) that may need repair. Please attach a new log from MGtools after first running C:\MGtools\GetLogs.bat
     
  11. onyk

    onyk Private E-2

    Hi there,

    I have run C:\MGtools\GetLogs.bat, but in the middle of the process it gave me an error message saying it can't run the dll files and to press OK to exit, and it did not give any report to save, so.. I don't know whether it is a new log or not.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This error along with other possible errors was explained in the Using MGtools link given in the READ & RUN ME steps. You don't have MS .Net Framework installed.

    Is the below still installed on your PC? Where did this come from?
    O4 - Startup: StartupFaster


    I cannot see the problem registry keys ( the ones from your previous snapshot ) in your logs. Do they still show in MSconfig? It may be MSconfig registry corruption or due to some tool you ran like StartupFaster or RegRun ( both of which you put on your PC on 12/16/2010 after having already run the READ & RUN ME which clearly stated not to do anything we don't ask you to do!!!! )

    Can you give a more complete snapshot that shows the full registry key info ( or just type the info )?
     
    Last edited: Dec 19, 2010
  13. onyk

    onyk Private E-2

    Still downloading dotnetfx.exe. (After running dotnetfx, should I run GetLogs.bat again?)

    The wuauclt.exe appears to run under the "SYSTEM" username, and when I try to terminate the process a new one always comes and runs under the "user" username (so I mean 2 wuauclt.exe already), and so on whenever I terminate the process (it always comes back again, plus one new process). But when I ignore it, the shield disappears on its own.

    O4 - Startup: StartupFaster : I had already uninstalled it before I ran the READ & RUN ME FIRST, but when I check in Add and Remove Programs it is still there, with RegRun too, and I can't remove them.

    The msconfig is still as it was. As for RegRun, I confess that I installed it because I wanted to make sure everything was clean, since when I ran MGtools my computer suddenly turned off and on several times until I unplugged the electric power. (Please forgive me for this.)

    It looks like a square in both the "Startup Item" and "Command" columns, and in the Location field it says HKCU\software\microsoft\windows NT\CurrentVersion\windows:run
    and the other one is HKCU\software\microsoft\windows NT\CurrentVersion\windows:load
     
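Added example, not part of the thread: the two MSConfig locations quoted in the post above, HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows with the values Load and Run, are the registry home of the old win.ini load= and run= lines. Windows still honours them at logon, they are normally empty, and a program listed there starts silently with no entry in the usual Run keys, which is why both malware and leftover entries from startup-tweaking tools turn up in them. The script below parses a regedit/`reg export` .reg file and reports every non-empty Load or Run value under that key in either hive. The .reg text is constructed for the demo and the file paths in it are made up.

```python
"""Report non-empty Load/Run values under ...\\Windows NT\\CurrentVersion\\Windows
from a regedit / `reg export` .reg file (added example; sample data constructed)."""
import re

# The keys MSConfig labels "...\Windows NT\CurrentVersion\Windows:load" / ":run".
TARGET_KEYS = {
    r"hkey_current_user\software\microsoft\windows nt\currentversion\windows",
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
}
SUSPECT_VALUES = ("Load", "Run")


def _unescape(s: str) -> str:
    """Undo .reg string escaping (doubled backslash, escaped quote)."""
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Return {key: {value_name: value}} for a .reg export.

    Quoted strings are unescaped, hex(2) (REG_EXPAND_SZ) data is decoded
    from UTF-16LE, and any other hex blob is kept as its raw text.
    """
    # A trailing backslash continues a hex value on the next line; join them first.
    joined = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = (re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
             or re.match(r"^(@)=(.*)$", line))
        if current is None or not m:
            continue
        name, raw = _unescape(m.group(1)), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            value = _unescape(raw[1:-1])
        elif raw.startswith("hex(2):"):
            data = bytes(int(h, 16) for h in raw[len("hex(2):"):].split(",") if h)
            value = data.decode("utf-16-le").rstrip("\x00")
        else:
            value = raw
        keys[current][name] = value
    return keys


def find_load_run(text: str) -> list:
    """List (key, value_name, value) for every non-empty Load/Run value."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if key.lower() not in TARGET_KEYS:
            continue
        for name in SUSPECT_VALUES:
            value = values.get(name, "")
            if value.strip():
                findings.append((key, name, value))
    return findings


# Constructed .reg export for the demo; the executable paths are made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"Load"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\msupd.exe"
"Run"=""
"NullPort"="None"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"Run"=hex(2):43,00,3a,00,5c,00,78,00,2e,00,65,00,78,00,65,00,00,00
"""

if __name__ == "__main__":
    for key, name, value in find_load_run(SAMPLE_REG):
        print(f"{key}\n  {name} = {value}")
```

On a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" win.reg` (and the same under HKLM), open the file with `encoding="utf-16"` since `reg export` writes UTF-16, and pass the text to `find_load_run`. Anything it reports deserves a look at the file it points to; an entry that shows up as a blank square in MSConfig, as in the post above, usually means the value holds data MSConfig cannot display, which is exactly why reading the raw export is more reliable than the MSConfig view.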
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not right now. It is not really important that we have that other log that was failing, as you don't really have any malware. You just have some leftovers.

    You are not supposed to be terminating it!!!!! As stated, it is part of Windows. It is Windows Update and it runs as a service. If you stop a service, a service will restart within a few seconds. This is normal behavior. If you don't know what something is, you should not be touching it. You need to stop doing this before you break your PC.

    Which is also why they should never have been installed in the first place.

    Well it was not what you should have installed anyway as it would not tell you if you were clean or not. That is why we have the READ & RUN ME.

    You don't appear to be explaining this properly because there is no way that MGtools can turn your PC off and on again several times. If your PC went off, it would stay off. MGtools only runs when you run it, and would not run again after a PC was powered down unless you ran it again.

    Okay let's try two things. First I want you to uninstall Malwarebytes. Now do the below where we will try to fix this and the problems caused by StartupFaster and RegRun.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you had not noticed, I edited my initial fix within a minute or so to make the fix more automated and easier. So click refresh since we are using ComboFix to fix things now.
     
  16. onyk

    onyk Private E-2

    Wait a second.. I just finished running MGtools again (it finished completely) and here is the new zip file (I have not read your reply yet; I will after this, of course).
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then run the fix with ComboFix and then the new GetLogs.bat scan and attach new logs.
     
  18. onyk

    onyk Private E-2

    Here are the 2 logs you requested.

    My computer seems to be ok now.

    The msconfig has just gone back to normal, without any boxes anymore.

    After I ran dotnetfx.exe, every time my computer reboots it always asks about Windows Genuine Advantage. Can I delete it, or is there something I am supposed to do?
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you running the dotnetfx.exe again? You only needed to run it once to install MS .NET Framework.

    If however you are getting messages from Microsoft about Windows Genuine Advantage, it is likely that you never updated to the current version and this is just one of the many updates you may need since you are very out of date.

    Your logs are clean.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    One comment that I do have to make is that this PC will run very slow due to the fact that you do not have enough memory to properly run Windows XP. Your logs show the below
    You need to add a MINIMUM of 4 times this ( 4x256 MB = 1GB ) but 8 times ( 2 GB ) is highly recommended especially for when you upgrade to Win XP SP3 which you need to do.
     
  21. onyk

    onyk Private E-2

    I only ran dotnetfx.exe once, and now it says my Windows is not genuine and a popup always comes up.

    Hehehe, it's all about money to upgrade the RAM... by the way.. THANKS A LOT for cleaning my PC.

    You're so amazing...
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your Windows XP copy legit and is it licensed to you and only you? Can you go to Windows Update and install the current version of Windows Genuine Advantage and other updates? If not then your copy of Windows is not considered legit by Microsoft and you need to address this with Microsoft.

    You're welcome.




    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    Last edited: Dec 20, 2010
  23. onyk

    onyk Private E-2

    Is your Windows XP copy legit and is it licensed to you and only you?

    I don't know. I bought my computer from my friend and it is a used one, so when I bought it, it came with all the programs installed.

    Can you go to Windows Update and install the current version of Windows Genuine Advantage and other updates? If not then your copy of Windows is not considered legit by Microsoft and you need to address this with Microsoft.

    I can go to Windows Update (even automatically) and it installed IE8, but there is still a popup that says my Windows is not genuine.

    I also can't run my restore point from before I ran dotnetfx.exe (the Windows Genuine popup makes me feel guilty and I miss my old configuration).

    Is there a way to be like you? A volunteer, I mean.
    Thanks
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then since you are getting a message from WGA, you have a non-valid license. This is not due to the cleaning process.

    A history of what our scans did:
    • Nothing was found or fixed by SUPERAntiSpyware
    • Nothing was found or fixed by Malwarebytes
    • Nothing was found or fixed by ROOTREPEAL
    • The only thing removed by ComboFix was an out of place registry backup from CCleaner
    • Nothing was found or fixed by MGtools
    • Nothing was found or fixed by TDSSkiller
    The only changes we made were to remove leftovers from programs you installed that we did not request ( RegRun and Startup Faster )

    When you installed the Microsoft .NET Framework, apparently something in Windows woke up and detected a non-valid Windows license or a license that has been used on several PCs ( which is illegal ). You will have to work this out with Microsoft to pursue purchasing a valid license for Windows. You can also ask additional questions about this in our Software Forum; however, do note that no one there can help you make a non-valid copy of Windows valid. You need your license key and you need to activate Windows. If you have the license key, you should be able to activate it unless the license has already been used on another PC.


    In order to become a malware fighter, you need to have a pretty good understanding of each version of Windows and you have to have a significant amount of training to understand how to recognize malware and to know how to use all the tools and to be able to create fixes. Unfortunately, we do not have enough time and resources here to train people who are not already experts. If you really wish to pursue this and are sure you have the time ( it takes a lot ) then see the below link:

    Becoming A Malware Forum Helper
     
