Where to ask for help with cleaning malware

Where and how do I post, to receive help with cleaning my system.

I have completed the "Windows XP Cleaning Procedure".

 

TimW

Thank you very much for your reply. I was about to give up and seek help at bleepingcomputers...

I will post the logs in a moment.

I note at least one of the logs lists names of recent documents and web sites I have visited. Will any of this be visible to other browsers (members or non-members?)?

 

TimW

Once again, thank you very much for your reply.

I will reply with attached files however, I may disguise the names of documents recently created (without effecting the rest of the log file).

 

TimW

Thank you for your reply.

I have reviewed the files and there is nothing or major concern however, I do need to include a short write-up of how the various scans performed and the nature of recent problems. This may not be ready until much later so I will looki forward to your reply tomorrow.

Thank you for your time and patience.

 

Dear TinW

Thank you for being patient.

My computer crashed horribly this morning (with a blue screen. See below) and for the small amount of time available to me, it took all day to get it up and running again (required a lengthy CHKDSK /F /R).




==============================================
ATTACHED FILES
==============================================

SAS.log
mbam-log.txt
rootrepeal.txt
MGlogs.zip
ComboFixFolder.jpg

I do not have a ComboFix log file.




==============================================
SCAN RESULTS ("Windows XP Cleaning Procedure")
==============================================

---------------------
(1) SUPER ANTISPYWARE
---------------------

Detected 2 Macromedia tracking cookies.
Quarantined
PC rebooted itself.

Re-ran SAS configured to start scanning from parent folder of where the Macromedia tracking cookies were reportedly found.

Detected 2 Macromedia tracking cookies.
Quarantined
SAS ended normally this time.




----------------------------
(2) MALWAREBYTES ANTIMALWARE
----------------------------

OK




------------
(3) COMBOFIX
------------

C/F prompted to search for updates. I answered 'Yes'.
(Did not notice how many stages completed)
(Did not notice any messeges displayed)
Computer crashed with the following Blue screen:

A problem has been detected and Windows has been shut down to prevent damage to your computer.

BAD_Pool_Header
etc...

Stop 0x00000019
0x00000020 (0x884E60DB, 0x884E64F0, 0x1A830001)
etc...


Re-ran C/F.


C/F prompted to search for updates. I answered 'Yes'.
Completed 50 stages.
Briefly displayed messege in same DOS box "Deleting file...". (Didn't notice a filename).
Computer crashed with with the following Blue screen:

A problem has been detected and Windows has been shut down to prevent damage to your computer.

BAD_Pool_Header
etc...

Stop 0x00000019
0x00000020 (0x88974158, 0x88974570, 0x1A830007)
etc...




--------------
(4) ROOTREPEAL
--------------

OK




-----------
(5) MGTOOLS
-----------

During the phase: "Running Processdll.exe to find loaded DLLs", a dialog box titled "processdll.exe - common language runtime processing services" popped up stating:

Application has generated an exception that could not be handled.

Process ID = 0x840 (212), Thread ID = 0xECC (3788)

Click OK to terminate...
Click Cancel to debug application.

Clicked OK to cancel
Manually restarted PC
Re-ran MGTOOLS

During the phase: "Running Processdll.exe to find loaded DLLs", a dialog box titled "processdll.exe - common language runtime processing services" popped up stating:

Application has generated an exception that could not be handled.

Process ID = 0xCC0 (3264), Thread ID = 0xAC (172)

Click OK to terminate...
Click Cancel to debug application.

Terminated process in Windows Task Manager.
MGTOOLS completed and created ZIP file.




==============================================
CONSIDERATIONS
==============================================

Computer crashed with the following blue screen while unattended this morning.

A problem has been detected and Windows has been shut down to prevent damage to your computer.

KERNEL_STACK_INPAGE_ERROR
etc...

0x00000077 (0xC0000185, 0xC0000185, 0x09358000)
etc...


Performed a CHKDSK /F /R

--------------------------------------------------------------------

I currently have a file on my desktop called "CFScript.txt" containing the following single line:

KillAll::

--------------------------------------------------------------------

I have a C:\ComboFix folder which shows up as a small blue-screen computer in the Folders list of Explorer. When I expand the folder by clicking on the [+], it displays the same info contained in Desktop\My Computer. This is a recursive folder. See attached image.

A symptom of this is: When I perform a Windows Search, the Search Results continually repeats the same results for each level the search recurses down to.

I am worried that if I make changes to this folder, It will reflect in ALL higher folders. Similarly, if I delete the ComboFix folder, I am worried it may delete EVERYTHING from my drive. - Please confirm what I should do about this.

--------------------------------------------------------------------

I routinely manually delete files from my Temporary folder - which explains the absence of 100's of files.

I routinely delete Cookies using Internet Options - which explains the absence of many files.

I routinely manually delete entries from:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

which explains the absence of many startup entries.

Most of the batch files scattered about the drive are my own creations - I write DOS batch files so please do not be overly concerned about these.

--------------------------------------------------------------------

Thank you kindly for your help.

 

Dear TimW

Here is the JPG image of the ComboFix folder as described in my previous comment.

Thank you.

 

TimW

Thank you for your VERY speedy reply.

(1) I just have a 'gut-feeling' (paranoia perhaps) that all is not what it should be.

(2) On at least 2 occasions my mouse has stopped responding - required a reboot.

(3) Unexplained disk activity.

(4) 3 recent Blue-Screen-Of-Deaths

(5) Inability to successfully complete ComboFix, MGTools and a recent GMER scan without problems (is 'something' trying mask detection?).

(6) Occasional (rare) ad popups

Just niggly little things....

 

Dear TimW

How do I deal with the ComboFix 'folder' left on my system?

Thank you for your valued time.

 

Dear TimW

I have completed all you have instructed me to do so.

Thank you for your valued assistance and time.

Paul.