question on "Windows XP Cleaning Procedure"

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tony Baloney, Sep 5, 2008.

  1. Tony Baloney

    Tony Baloney Private E-2

    "Windows XP cleaning Procedure" Chaslang writes, “Important: Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.” Did he mean mbam.exe instead of mbam-setup.exe because there is nothing in the folder called “mbam-setup.exe”?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! I was referring to the installation program that you downloaded. It is named mbam-setup.exe and that is what often needs to be renamed to mb.exe to allow it to be installed in the presence of certain malware. The file you are referring to is the installed program file name, which is C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.

    Sometimes it is also necessary to rename the program files too when malware blocks them from running. If you do rename the C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe file, you would also have to update shortcuts to be able to run the program when you click on the shortcut.
     
  3. Tony Baloney

    Tony Baloney Private E-2

    But I don't understand where is the interface in which I would edit the name of the setup file. When I download from majorgeeks there is a sequence of scripts invoked and I don't see a point at which to edit the setup file. I have already downloaded this product. Should I remove it and try to figure out how to change the name of the setup file?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, if you are not having a problem running the installer then you will not even have to worry about it (since your message implies you already installed it, it does not matter any more). However, when you download files you can rename them as they are downloaded. This is standard Windows operating procedure. It is nothing fancy. It is allowed by your browsers. If you don't do that, you can also just right click on the file after downloading and then select Rename. Again, standard Windows procedures.
     
  5. Tony Baloney

    Tony Baloney Private E-2

    I unsuccessfully tried to download combofix.exe. I get an error message "You cannot rename ComboFix as ComboFix[1]. Please use another name, preferably made up of alphanumeric characters." I am mystified. What should I do?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't need to rename combofix. Just download it and save it to your Desktop. If for some reason it is showing up as combofix[1].exe or similar, just change the name to combofix.exe.
     
  7. Tony Baloney

    Tony Baloney Private E-2

    Hi,
    In the ComboFix tutorial which you linked to the "Windows XP Cleaning Procedure" page, they want us to install the Windows Recovery Console. The link they provide to get the Windows recovery console if the user does not have disk backup is http://support.microsoft.com/kb/310994 but when I go there everything expects me to have a floppy disk drive. I only have a CD drive. It seems that ComboFix will not run unless it can install the Windows Recovery Console into the User's Computer. But I am having trouble getting the Console. What should I do? Tony
     
  8. Tony Baloney

    Tony Baloney Private E-2

    malware removal logs (part 1)

    Here are the logs for the malware removal routine. During the combofix run I could not figure out how to get spybot out of memory. I think I changed its settings so it wasn't resident and rebooted but it still showed up. I will send another message with the rest of the logs. Tony
     

  9. Tony Baloney

    Tony Baloney Private E-2

    malware removal logs (part 2)

    Here is the remaining log. T.
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: malware removal logs (part 1)

    It was explained in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

    It was still running in your logs so do exactly what the above indicates and then reboot your PC.

    Uninstall the below old versions of Sun Java as requested in step 1 of the READ & RUN ME:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000049.000000bb&c=00000082.00000096.000001da

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Copy the bold text below to Notepad. Save it as fixme.reg to your Desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
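    The HijackThis lines quoted in the post above (one O2 BHO entry and three O4 Run/RunOnce entries) follow a fixed format that can be parsed and triaged automatically. The following is an added example, not code from this post, from HijackThis or from MajorGeeks; it assumes a small constructed sample of log lines in that format (the URL on the RunOnce line is a placeholder, not the address from the post) and flags the two patterns the post singles out: a BHO whose CLSID is still registered but whose file is gone, and an autorun value with an empty name that launches the browser with a URL argument.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis log format. The last line belongs to a
# section this parser does not handle and is skipped.
SAMPLE_HJT_LINES = "\n".join([
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://example.invalid/landing",
    r"O1 - Hosts: 127.0.0.1 localhost",
])

# O2 lines: "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 lines: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str             # "O2" or "O4"
    name: str                # BHO display name or autorun value name ("" if empty)
    exe: str                 # file path for a BHO, executable for an autorun
    args: str = ""           # command-line arguments of an autorun entry
    clsid: Optional[str] = None
    hive: Optional[str] = None
    key: Optional[str] = None
    flag: Optional[str] = None


def split_command(cmd: str) -> Tuple[str, str]:
    """Split an autorun command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths may contain spaces ("C:\Program Files\..."), so take the
    # shortest prefix ending in .exe; fall back to the first whitespace token.
    m = re.match(r"(?P<exe>.+?\.exe)\b(?P<args>.*)$", cmd, re.IGNORECASE)
    if m:
        return m.group("exe"), m.group("args").strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage(entry: Entry) -> Optional[str]:
    """Return the reasons an entry deserves a look, joined by '; ', or None."""
    reasons = []
    if entry.section == "O2" and entry.exe == "(no file)":
        reasons.append("orphaned BHO: CLSID still registered but its file is missing")
    if entry.section == "O4":
        if entry.name == "":
            reasons.append("autorun value with an empty name")
        if entry.exe.lower().endswith("iexplore.exe") and entry.args.lower().startswith("http"):
            reasons.append("browser launched at logon with a URL argument")
    return "; ".join(reasons) or None


def parse_hjt(text: str) -> List[Entry]:
    """Parse O2 and O4 lines of a HijackThis log; other sections are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if (m := O2_RE.match(line)):
            e = Entry("O2", m["name"], m["path"], clsid=m["clsid"])
        elif (m := O4_RE.match(line)):
            exe, args = split_command(m["cmd"])
            e = Entry("O4", m["name"], exe, args, hive=m["hive"], key=m["key"])
        else:
            continue
        e.flag = triage(e)
        entries.append(e)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that triage() marked."""
    return [e for e in entries if e.flag]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_HJT_LINES):
        where = f"{e.hive}\\..\\{e.key}" if e.section == "O4" else e.clsid
        print(f"{e.section} {where} [{e.name}] {e.exe} {e.args} -> {e.flag or 'nothing noted'}")
```

    Run as a script, the block prints one line per parsed entry with its triage result; the two RealPlayer and QuickTime updaters parse cleanly and are left unflagged, since the post removes them as unwanted startup items rather than as malware, and that judgement stays with the reader of the log.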
     
  11. Tony Baloney

    Tony Baloney Private E-2

    Hi,
    I was confused in manipulating Spybot's switches because when you first open tools, in the pane on the right, there is a number check boxes among which is one for Resident, and that's what I thought you wanted me to edit. As a newcomer I found this confusing. Maybe in your "How to disable Spybot's TeaTimer" you might specify that Resident is in the left pane. Thank you for your help. Tony
     
  12. Tony Baloney

    Tony Baloney Private E-2

    Re: malware removal logs (part 1)

    OK, everything went fine until I ran combofix. First, my antivirus and firewall were running. Combofix stopped after Armorall Firewall stopped it a few times. I turned off Avast and Firewall and rebooted. I didn't realize that they automatically started upon restart, so when I put the text file on the combofix icon again the firewall bothered it again. But combofix looked like it was running and went through a number of the stages; my eyes were not on the screen, but my system rebooted. Upon restart combofix was still going (with Armourall still bothering it). Then Combofix ended. I looked in the root directory and just found a fragment of a log. I didn't see anything in your post about dealing with security software. It said turn off all browsers. Is security software considered a browser? I think maybe you're assuming too much about my knowledge. The script file I put together from your last post is gone, so maybe ComboFix executed those deletions.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the suggestion. I went a step further and added some snapshots. Take a look at it now. ;)
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: malware removal logs (part 1)

    Yes, it was mentioned twice. Once in the READ & RUN ME, where we had you download ComboFix, it gave the below with important notes. Notice that Online Armor was specifically mentioned as a problem.
    Then later, when you initially first ran ComboFix, we had you go to the bleepingcomputer official download site to follow instructions for installing and running ComboFix. On this page, after the Recovery Console is installed and you are ready to run ComboFix, it said:
    Now yes, we could repeat this same information over and over again in every single fix, but then we have the hundreds of people who complain about how long the fixes are already. ;) Plus it does not matter how much detail we put into the instructions if they are not read and the instructions are not followed. Example, see below.

    Now here is even another important note (the last bullet item in the list) from the very first section of the READ & RUN ME:
    So when you first started this thread your logs showed Symantec Internet Security and its firewall. Now you are talking about Avast and Online Armor. Why did you change everything??????

    So you will find that ComboFix did not run at all due to Online Armor which is why there is no log.
     
    Last edited: Sep 10, 2008
