Please help me make sure my computer is secure.

Just download ComboFix to your desktop, then double click it.

Same goes for MGTools.exe. Although we would like you to save it to the root folder ( C:\MGTools.exe ) you can download it to the desktop and run it from there.

 

Please try booting to safe mode and see if you have the same problem. If so, create a new user account with admin. privileges and see if you can install and run them through that user account.

Have you tried doing a system restore to a point before this started?

 

First, I can't make a pronouncement on your system with out seeing the other logs.

Is the main issue one with redirects only?

If you have downloaded MGTools and put it on your C:\ drive, then click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

 

Are you able to run this at all?

Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

• Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
• Click Start > Run and copy/paste the following bold command into Run box and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -v

• Follow the instructions to type in "delete" when it asks you what to do when if finds something.
• When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply.

 

That's good. Now try and run both combofix and MGTools again. Let us know what happens and attach the C:\Mglogs.zip if successful.

 

I think your only option might be to reformat and reinstall windows. We will leave TimW to have the last word on that though. If combofix is correct in it's report about you being infected with virut (and it usually is) Then I don't think you have any alternative than to reformat.

 

Yes, let's just wait and see what TimW says when he logs in again tomorrow. He will be winding down for the evening now before going to bed.

 

Just wait for Tim

 

Without seeing the ComboFix log and not being able to run MGTools to get that log, the safest thing to do is to go ahead and reformat the C: drive, as long as you have no exe files on the partition in E:. Do not reinstall anything from a thumb drive or other media at that time. Make sure all programs are fresh downloads. DO not move any exe files to the E: drive.

Once you are back up and running, then proceed with doing the scans anew to make sure there is no infected files on the partition.

 

Can you attach the ComboFix log?

 

The good news is that you don't have a virut infection. Let's just do this:

You need to disable the AV portion of Comodo since you also have AVG running.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Q8T6845
C:\Documents and Settings\Benjamin\Local Settings\Application Data\rQVN4I4g
C:\WINDOWS\system32\zigaweje

Folder::
C:\Documents and Settings\Benjamin\Application Data\Mozilla(2)
C:\Documents and Settings\Benjamin\Application Data\Mozilla(4)
C:\Documents and Settings\Benjamin\Local Settings\Application Data\Q8T6845
C:\Documents and Settings\Benjamin\Local Settings\Application Data\rQVN4I4g
C:\WINDOWS\system32\zigaweje

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run CCLeaner and make sure these folders are cleaned out:
C:\WINDOWS\Temp\
C:\Documents and Settings\Benjamin\Local Settings\temp

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Why are you running it in cmd.exe? Just right click the getlogs.bat and run as administrator.

 

Ah, right. If you still can't get it to run, delete it and download a fresh copy of MGTools.exe and let it over ride the old one.

 

Well, this is the poo. Are you sure you are waiting long enough for it to run?

Did you do the Combo fix and do you have that log to attach?

 

Check in task manager that it is not still running. Your combo log is good and I am seeing an MGLogs.zip from today's date at a little after 5pm. ( Is that what you already attached?)

What issues are you still having?

 

Car crash? I certainly hope no one was injured.

Do a search for the new MGLogs.zip.....it should be where we tell you it is --> C:\MGlogs.zip.

It may not be real important as I think you are clean, but the log would tell me that.

 

Unfortunately all that was in that was the Uninstall keys log. Try doing it in safe mode. I would really like to be able to pronounce you clean.

 

Ok, that worked. Let's remove an empty folder and a reg key.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
c:\documents and settings\Benjamin\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\drwtmlby.dll
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
"eveninit"=-

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the previous file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
     
     
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!
    
    

 

You are most welcome. BleepingComputer.com is a good place to check on latest malware threats. You can also become a member/friend on FaceBook and get alerts that way.