Security Tool BSOD

Discussion in 'Malware Help (A Specialist Will Reply)' started by ChicagoCoin, Oct 27, 2009.

  1. ChicagoCoin

    ChicagoCoin Private E-2

    My problems started last Saturday when Security Tool was installed on this machine. ESET caught some of the malicious stuff but I did get infected. I used the SuperAntiSpyware online scan and Malwarebytes to remove the infection and finally got my desktop back, but I can no longer boot up normally, only in safe mode.

    The error code of the BSOD is Stop: 0x000000C4, the rest of the code seems to change occasionally. I couldn't get on the internet until yesterday on this machine.
    From the Read and Run Me First thread:
    Downloaded the Sun Java update but I can't install it in safe mode, I have 6 Update 7.

    Other info, sorry: I updated my Nvidia drivers, ran memtest and my memory passed. I have run ESET in safe mode a couple of times; there are items in my quarantine folder from 10/25 (about the time I got infected) but I can't restore or view them in safe mode.

    Attaching log files. The SAS log is empty; I stupidly ran the online scan first and again stupidly uninstalled SuperAntiSpyware on my machine because I thought it had something to do with me not being able to connect to the web in safe mode with networking. I can't install the program in safe mode but did another online scan and it found nothing. I was finally able to run ComboFix; it kept rebooting due to a rootkit being detected.
     

  2. ChicagoCoin

    ChicagoCoin Private E-2

    Also attaching MGlogs.zip and I read some other threads about the Security Tool problem with suggestions to run exeHelper and AVPfind, these logs are also attached in case they are useful.
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to put your PC into Normal Startup mode with MSconfig as requested in step 4 of the READ & RUN ME.


    Please download and run Win32kDiag per the below instructions:
    • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
    C:\win32kdiag.exe -f -r



    Now download Junction.zip to your Windows folder
    • Please download Junction.zip and save it to your Windows folder (i.e., C:\Windows\Junction.zip. This assumes C:\ is your Windows boot drive.)
    • Now unzip it and put junction.exe into the Windows folder (i.e., C:\Windows\junction.exe)
    • Do not try to run it right now. We will run something that uses it later.
    Now we need to reset the permissions altered by the malware on some files.
    • Download and save Inherit.exe to your Desktop: Inherit.exe
    • It must be in your Desktop or the below fix will not work!
    Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
    • A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
    • Accept the license agreement and the scan will begin.
    • Wait until it finishes. It can take a while to run since it scans your whole hard disk. Be patient and don't do anything else while it is scanning.
    • The command prompt window should close when it finishes.
    • While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.
    Now run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Delete the below files:
    C:\WINDOWS\ishvbf3v42.tmp
    C:\WINDOWS\system32\92CBCF


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.



    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • the Win32kDiag log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks very much!
    I tried but it won't save that option after a reboot, everything is check marked except for 7 startup items at the bottom of the list, kindly let me know if they need to be listed.
    I didn't find these files.

    The computer still needs to be started in safemode, the requested logs are attached and thanks again.
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you working your problems in another forum? Who asked you to download Rkill?

    I strongly advise you to clean up your very cluttered Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation.


    Uninstall the below old versions of software:
    Java(TM) 6 Update 7

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {3A247B0C-A65A-41E6-997C-5276F3729A6E} - C:\Program Files\Common Files\mesof83122.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [DAEMON Tools-1033] SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    O4 - HKLM\..\Run: [DAEMON Tools] SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
    O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
    O4 - HKCU\..\Run: [Shield] SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
    O4 - HKCU\..\Run: [NordBull] C:\DOCUME~1\Owner\LOCALS~1\Temp\d.exe
    O4 - HKCU\..\Run: [MoneyAgent] SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Google Desktop Search] SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    After clicking Fix, exit HJT.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Owner\Local Settings\temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
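    As an added illustration (not part of the thread, and not HijackThis's own code), the script below parses O2/O3/O4 lines in the format shown in the post above and applies the kind of path-based heuristics a helper uses when picking lines to fix: orphaned entries, unnamed BHOs, autostarts running from Temp, and digit-heavy file names dropped directly in the Windows folder. The sample input is constructed from the lines quoted above; the heuristics are this example's assumptions and see only what the path reveals, so entries such as AVP and LDM, which the helper also selected, come out unflagged and the output is a triage aid rather than a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a subset of the HijackThis lines quoted in the post above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {3A247B0C-A65A-41E6-997C-5276F3729A6E} - C:\Program Files\Common Files\mesof83122.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools] SOFTWARE\Microsoft\Windows\CurrentVersion\Run
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Google Desktop Search] SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""

# Line shapes as HijackThis prints them: O2 (BHO) and O3 (toolbar) carry a CLSID, O4 is a Run value.
O2_O3_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

# Heuristics assumed for this example (not a HijackThis rule set).
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)            # anything launched out of a Temp folder
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)  # file sitting directly in the Windows folder
DIGITS_RE = re.compile(r"\d{3,}")                           # random-looking, digit-heavy file names
EXT_RE = re.compile(r"\.(?:exe|dll|com|scr|bat)$", re.I)


@dataclass
class Entry:
    kind: str                  # O2 (BHO), O3 (toolbar) or O4 (Run key)
    name: str                  # display name or Run value name
    target: str                # path / command exactly as HijackThis shows it
    hive: str = ""             # HKLM or HKCU (O4 only)
    clsid: str = ""            # O2/O3 only
    reasons: List[str] = field(default_factory=list)


def exe_path(target: str) -> str:
    """Return only the file path of a value: drop surrounding quotes and trailing arguments."""
    t = target.strip()
    if t.startswith('"'):
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    m = re.match(r"(.*?\.(?:exe|dll|com|scr|bat))(?:\s|$)", t, re.I)
    return m.group(1) if m else t


def assess(entry: Entry) -> Entry:
    """Attach a human-readable reason for every heuristic the entry trips."""
    path = exe_path(entry.target)
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if path == "(no file)":
        entry.reasons.append("orphaned: the registry points at a file that no longer exists")
    elif entry.kind in ("O2", "O3") and entry.name == "(no name)":
        entry.reasons.append("unnamed BHO/toolbar backed by a real file")
    if TEMP_RE.search(path):
        entry.reasons.append("autostart runs from a Temp folder")
    if WINROOT_RE.match(path) and DIGITS_RE.search(stem):
        entry.reasons.append("digit-heavy file name placed directly in the Windows folder")
    elif DIGITS_RE.search(stem):
        entry.reasons.append("digit-heavy (random-looking) file name")
    if entry.kind == "O4" and not EXT_RE.search(path):
        entry.reasons.append("Run value does not name an executable; review by hand")
    return entry


def parse_hjt(text: str) -> List[Entry]:
    """Parse O2/O3/O4 lines and assess each one; unrecognised lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_O3_RE.match(line)
        if m:
            entries.append(assess(Entry(m.group(1), m.group(2), m.group(4), clsid=m.group(3))))
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(assess(Entry("O4", m.group(2), m.group(3), hive=m.group(1))))
    return entries


def suspicious(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(name, target) for every entry that tripped at least one heuristic."""
    return [(e.name, e.target) for e in entries if e.reasons]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_HJT):
        verdict = "; ".join(e.reasons) if e.reasons else "nothing notable from the path alone"
        print(f"{e.kind} [{e.name}] {e.target}\n    -> {verdict}")
```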
  6. ChicagoCoin

    ChicagoCoin Private E-2

    Sorry chaslang, I read about RKill from bleepingcomputers.com but am not receiving support from the forums. I cleaned up the desktop and here are some of the problems encountered with your instructions, everything else ran ok.
    Error Message (in Safe Mode): The Windows Installer could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed.
    Error Message (Directory Services restore mode): One or more customizations are not permitted by software restriction policy.

    Error Message: The system administrator has set policies to prevent this installation.

    The logs requested are attached, sorry about the problems, the computer still only runs in safe modes.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This does not make sense since your last MGlogs.zip file shows you ran in Normal Boot mode. And if you can run in Normal Boot mode you should be using that to complete instructions and to uninstall Java. So please clarify.



    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks again chaslang for the help, after performing the procedures in your latest post, the computer still hasn't started in normal mode since 10/25. I've usually been booting in Directory Services Restore Mode (windows domain controllers only) and am wondering if this is why it appears it's in normal mode. I'm able to use my usual screen resolution in this mode and previously enabled some Services in Control Panel/Administrative Tools/Services back when I couldn't connect to the web and in an attempt to get some programs to install (SuperAntiSpyware, etc.) and to work properly.

    I did run the latest procedures in Safe Mode with networking and this is part of the error message when trying to boot normally:
    A device driver attempting to corrupt the system has been caught, the faulty driver currently on the kernel stack must be replaced with a working version.
    Technical Info:
    Stop: 0x000000C4 (0x0000003c, 0x00000000, 0x873EB0F0, 0x00000000)

    Another note, I receive warnings in ComboFix that ESET antivirus is running (even in safemode with networking) and can't figure out how to disable it in Task Manager or anywhere else.

    Attaching latest logs that were requested.
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Most likely.

    May be problems with Windows itself. You may have some registry and/or system file corruption, and you may have to work this out in the Software Forum or try a System Restore to a point in time before the problem began. However, I do have a couple more things for you to do first.

    Sometimes the best thing to do is just uninstall these protection programs since they frequently get in the way of cleanup and may even be broken due to the malware you had. It was rather obvious that it did not protect you nor help you find and remove the malware anyway. So before doing the below, I suggest that you uninstall ESET first.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it. Pay attention to which CD it is asking for as it may ask for an original Windows XP CD or it may ask for the SP3 CD. You have to give it the correct CD if it asks for it. If you don't have one and it is asking for one, then this is the first problem you need to fix since you need the CDs to repair any missing or corrupted system files.


    Now download the current version of combofix.exe to your Desktop overwriting the previous copy.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  10. ChicagoCoin

    ChicagoCoin Private E-2

    When my problems began, I attempted to use 2 different restore points and they both failed, all of the restore points vanished shortly after that.
    ESET has now been uninstalled.
    I'm unable to run sfc. When I try Start, Run, sfc /scannow, a blue window flashes for a second (unable to read it) and nothing seems to happen. I also tried COMMAND, sfc /scannow and receive the following error message:
    Windows File Protection could not initiate a scan of protected system files.

    The specific error code is 0x000006ba [The RPC server is unavailable.
    ].
    I tried to troubleshoot this problem via Google but had no luck with these instructions from Microsoft; the No Liability Accepted Certificate was already there. I also read somewhere that sfc won't run in safe mode but don't know if that's true.

    Thanks again, computer still won't start normally, requested logs are attached.
     

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    This could indicate problems with the Remote Procedure Call (RPC) service. You should check to make sure it is Started and set to Automatic. You can do this by clicking Start, Run and entering services.msc and clicking OK. Scroll down to the above service and double click on it and verify the settings.

    For continued support on your remaining problems, it would be best to continue in the Software Forum because your problems appear to be related to Windows at this point and not malware.
     
  12. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks, The RPC is set on Automatic and has been starting, I'll open up a new thread in the Software Forum and reference this thread.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just realized that the last ComboFix run did not really fix the atapi.sys file like it first implied and you still have an infection there and possibly an MBR infection. So before jumping into the Software Forum, let's see if we can get these fixed.

    We will need to boot to the Recovery Console ( you installed it while you installed ComboFix) to remove this infection.

    Now boot to the Recovery Console and run the fixmbr to clear a Master Boot Record infection that you have.

    You can read the below to help you do this:

    http://support.microsoft.com/kb/307654


    After running the fixmbr command and booting back to normal mode, continue with the below.



    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Nov 17, 2009
  14. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks for the information, I ran fixmbr and completed the other procedures, the logs requested are attached.
     

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, neither the MBR infection nor the atapi.sys file infection got fixed. Did you run fixmbr before running ComboFix? Let's try again but FIRST, download and save the current version of combofix.exe for us to use but do not run it yet.

    Then boot to the Recovery Console and run the fixmbr command again. Let me know if you get any messages.

    Then run the same CFScript.txt fix with ComboFix as last time.
     
  16. ChicagoCoin

    ChicagoCoin Private E-2

    Yikes, I did run fixmbr before ComboFix and receive this Caution whenever it's run:
    This computer appears to have a non-standard or invalid master boot record
    I type "Y" at the prompt and receive this message:
    The new master boot record has successfully been written..

    Here are the new logs in case they will help.
     

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ComboFix is still indicating a potential infection. Let's try using ComboFix again after downloading the new version and also this time we will not give it a command to replace the atapi.sys file. We will simply just run ComboFix.

    • Download the current version ( combofix.exe ) and save it to your Desktop.
    • Then shutdown your protection software
    • Then double click on the ComboFix.exe icon to run it.
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now attach the new C:\combofix.txt log.


    Also tell me how your PC is running?
     
  18. ChicagoCoin

    ChicagoCoin Private E-2

    The ComboFix.txt file is attached; it sometimes takes a few reboots to finish due to a CD emulation warning (first time I've seen that) and also the detection of rootkit activity.

    Thanks again, the computer seems to run fine except for the BSOD when attempting to start it up normally. The error message is very close to the one referenced earlier, only this part changes: 0x873EB0F0

    A device driver attempting to corrupt the system has been caught, the faulty driver currently on the kernel stack must be replaced with a working version.
    Technical Info:
    Stop: 0x000000C4 (0x0000003c, 0x00000000, 0x873EB0F0, 0x00000000)
     

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like it fixed the atapi.sys problem this time, but just to be safe, it may be a good idea to download the current version of ComboFix and run it one more time to make sure it does not find the same problem again.

    Does it tell you what file? Is there more to the message? atapi.sys is a device driver. It may be necessary to debug this further in the Software Forum or to use the below to further diagnose this:

    http://adrynalyne.spaces.live.com/blog/cns!AB9DE24BE9AF1B9F!199.entry
     
  20. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks for the link, I had previously downloaded the Microsoft debugging tools but am unable to install it in safemode, I receive this error message:
    "The system administrator has set policies to prevent this installation"

    The bsod doesn't mention a file name, I've attached the new ComboFix log.
     

  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your ComboFix log is now clean.

    Try running the below procedures and then retry.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

    Now run the below.

    Resetting Registry and File Permissions


    Restoring SeDebugPrivilege - ignore references to F-Secure Blacklight and Look2Me. The main point is to download and run SeDebug-Restore


    Reboot after doing the last step above.
     
  22. ChicagoCoin

    ChicagoCoin Private E-2

    Glad to hear that the log is clean. I had some problems with the other instructions: I can't run sfc /scannow, the same info applies from my earlier post here, #10.

    I'm unable to install this, receive error message:
    "The system administrator has set policies to prevent this installation"
    Here's additional information that appears in my Event Viewer in case it helps:

    Event Type: Error
    Event Source: MsiInstaller
    Event Category: None
    Event ID: 1008
    Date: 11/30/2009
    Time: 6:53:51 PM
    User: COMPAQ\Owner
    Computer: COMPAQ
    Description:
    The installation of C:\Documents and Settings\Owner\Desktop\subinacl.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I ran the Reset.cmd and don't know if it worked or not, it didn't take a long time, a screen flashed but I was unable to read it.
    I ran SeDebug-Restore.exe and this is the message I receive, not sure if this in normal:
    '\cscript.exe' is not recognized as an internal or external command,
    operable program or batch file.

    Please reboot your machine

    Press any key to exit
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is starting to sound like you may have too much damage to your Operating System or to your user account to fix all the problems. I suggest two things to try.

    1. Try creating a new user account with admin privileges and see what you can run using it.
    2. Or try booting in safe boot mode and truly logging in using the real Administrator user account and see what you can run.
    Also rerun the below on your problem user account:

    Please download ( yes download again to be sure you have the current version) and run Win32kDiag per the below instructions:
    • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
    C:\win32kdiag.exe -f -r


    Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
    • A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
    • Accept the license agreement and the scan will begin.
    • Wait until it finishes. It can take a while to run since it scans your whole hard disk. Be patient and don't do anything else while it is scanning.
    • The command prompt window should close when it finishes.
    • While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • the Win32kDiag log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now! Also tell me what happened when using a new user account and when using the Administrator account in safe boot mode.
     
  24. ChicagoCoin

    ChicagoCoin Private E-2

    Ok, I created a new admin. user account and attempted to run or remove the programs mentioned earlier in this thread (java uninstall and install, sfc /scannow I suspect that this is not working, Microsoft debugging tools and subinacl.msi) and receive the same error messages. I also attempted this with the real Administrator account in safe boot mode with no luck. I attempted this before and after running the procedures that were mentioned in your post.

    I'm still receiving the bsod when attempting to boot normally, the bsod appears about 1 second after the select user screen appears, I clicked on the new admin. user account as fast as I could but still got the bsod.

    These procedures were completed in the proper order and the logs are attached, in case they will help.
     

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We are running out of things to try. There may just be too much damage to your OS to fix and you may have to reinstall. Let's try one more set of steps.

    Now uninstall ZoneAlarm.

    Now download and save the current version of combofix.exe to your Desktop.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  26. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks again for the information and assistance, ZoneAlarm has been uninstalled and I then ran the procedures.

    This was the first time that I didn't receive the rootkit activity warning when running ComboFix.

    I don't see a difference in the computer, still receive the bsod and can't install/uninstall the programs mentioned earlier. Attached the requested logs as requested.
     

    Attached Files:

  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but the atapi.sys infection does show up.

    • Go to TDSSKiller and Download TDSSKiller.zip to your Desktop
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file should be created on your C: drive called "TDSSKiller.txt" please attach this log to your next reply.
     
  28. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks again, attached is the TDSSKiller.txt file.
     

    Attached Files:

  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the current version of combofix.exe to your Desktop overwriting the previous copy.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  30. ChicagoCoin

    ChicagoCoin Private E-2

    Sorry about the delay chaslang, I got mixed up and thought I'd already run the new procedures.

    The new logs are attached, I had some problems getting ComboFix to run (rootkit and cd emulation reboots) but I was finally successful, didn't notice any changes with the computer, still have the bsod and program installation problems.

    FYI, after ComboFix ran and rebooted I received an error message about not finding a ComboFix.sys file.
     

    Attached Files:

  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay just a few more things to try as we are quickly running out of ideas.

    Download the current version of combofix.exe to your Desktop overwriting the previous copy. Yes it was updated again just like MGtools as you will see below.




    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )




    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!



    If you still cannot boot in normal boot mode, try each of the below:
    • Run MSconfig and select Diagnostic Startup mode. Click Apply and OK. Then reboot.
    • Does it bootup with this mode? (Call this Mode 1) This is very limited and you will have no network connectivity. You will need to boot back to your normal method later to answer questions here.
    • Now in MSconfig again, select Selective Startup and uncheck the 4 boxes below. It should look like the below (double click to expand the image)
    [image: mscfg1.jpg]
    • Then click Apply and OK. Then reboot. Does it bootup with this mode? (Call this Mode 2) This is very limited and you will have no network connectivity. You will need to boot back to your normal method later to answer questions here.
    • If it does boot okay in Mode 2, run MSconfig again and one at a time (with a reboot after each one) try enabling each of the 4 items disabled in Mode 2 to see if you can find which one causes a problem with startup.
     
    Last edited: Dec 23, 2009
  32. ChicagoCoin

    ChicagoCoin Private E-2

    OK, I ran ComboFix and MGtools and nothing changed with my bsod but I tried to connect to the internet and couldn't before trying the Diagnostic and Selective startups.
    I finally discovered that it was due to a ESET firewall entry that was enabled in my Network Connections/Local Area Connection properties, so I removed it and net access was back.
    :eek

    I then attempted to start up in Mode 1 and Mode 2 and nothing changed with the bsod so the problems persist, attaching logs requested.
     

    Attached Files:

  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmm!!! ComboFix is showing that your atapi.sys driver is infected again. Let's rerun a few things.

    First rerun TDSSkiller exactly like I had you run it a few messages back and attach this new full log.

    Now see if you can uninstall Java(TM) 6 Update 7 Let me know if it uninstalls.

    I also suggest that you uninstall the extremely outdated and ineffective Ad-Aware SE Professional
     
  34. ChicagoCoin

    ChicagoCoin Private E-2

    Yikes, I don't know what changed but I can't get TDSSKiller to produce a log this time, I tried (both in safe mode and safe mode Directory Services restore mode) under 2 different User Accounts:
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
    Then I tried moving TDSSKiller into its own folder in the C directory and ran (referenced at the TDSS link):
    "C:\tdsskiller\TDSSKiller.exe" -l report.txt -v
    and it still didn't produce a log. The message on the completion screen was the same each time:
    TDSS rootkit removing tool, Kaspersky Lab 2009
    version 2.1.1 Dec 20 2009 02:40:02
    Start log failed

    Scanning Registry ...
    UnhookRegistry: Cannot get access to KLMD, error 2

    Scanning Kernel memory ...

    Completed

    Results:
    Infected objects in memory: 0
    Cured objects in memory: 0
    Infected objects on disk: 0
    Objects on disk cured on reboot: 0
    Objects on disk deleted on reboot: 0
    Registry nodes deleted on reboot: 0

    Press any key to continue . . .
    Nothing has changed, I still can't uninstall:
    Error Message (in Safe Mode): The Windows Installer could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed.
    Error Message (Directory Services restore mode): One or more customizations are not permitted by software restriction policy.
    Thanks for the information, uninstalled!
     
  35. ChicagoCoin

    ChicagoCoin Private E-2

    Sorry about the reply (couldn't edit my post) but I forgot to mention that I had downloaded the latest version of TDSSKiller from the link in case it had been updated, so maybe that was the difference?
     
  36. ChicagoCoin

    ChicagoCoin Private E-2

    Keep missing the 10 minute time limit for post editing, sorry.
    The TDSS log is now attached, I guess you no longer need to use a command line for the program and it produces a log by default in the C directory.
    :)
     

    Attached Files:

  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is a bug in the new version that has broken the ability to give a log file name. It was clean anyway.

    Last thing to try is below and if this does not resolve any remaining problems, I suggest that you backup necessary files and then reinstall.


    First run this: Prevx 3.0



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  38. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks for the information, I performed the procedures and didn't notice any changes with the computer, still have the bsod and program installation problems, requested logs are attached.
     

    Attached Files:

  39. ChicagoCoin

    ChicagoCoin Private E-2

    I got the computer to start up normally for the first time in over 2 months!
    ;)
    Don't know if I should have done this but I used the information from Microsoft about the Driver Verifier:
    http://support.microsoft.com/kb/325672
    Turning off the Deadlock Detection didn't work but I tried this and no more bsod:
    I'm now receiving a Windows popup "The system has recovered from a serious error"
    Error Signature:
    BCCode : c4 BCP1 : 0000003C BCP2 : 00000000 BCP3 : 873EB0F0
    BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1
    The following files will be included in this report:
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WERef40.dir00\Mini103109-04.dmp
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WERef40.dir00\sysdata.xml

    The great news is that I was able to uninstall java and install the latest version and also installed the Microsoft debugger so perhaps I can use the link you provided earlier to read the dump file.

    I finally was able to run it, it ran in the background and eventually closed, didn't see any messages.

    Wondering if I should run SeDebug as directed earlier?

    Successfully installed SuperAntiSpyware and it didn't find anything.

    The computer so far seems to be running fine except for "The system has recovered from a serious error" popup.
    :major
     
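The "Error Signature" block pasted in the post above is the XP-era Windows Error Reporting summary of a bugcheck. As an added example (not code from the thread or from any of the tools it mentions), here is a small Python parser for that text that decodes the BCCode into a bugcheck name, reads the four parameters, and picks out the minidump path to open in the debugger. STOP 0xC4 is DRIVER_VERIFIER_DETECTED_VIOLATION, which means Driver Verifier is still enabled and has flagged a driver; the bugcheck-name table, the class and the function names are my own, and the sample input is the signature copied from the post.

```python
"""Parse the XP-era Windows Error Reporting "Error Signature" block shown in
the "The system has recovered from a serious error" dialog, and map the
BCCode to a bugcheck name."""
import re
from dataclasses import dataclass, field
from typing import List

# A few well-known bugcheck codes (hypothetical helper table, not exhaustive).
# 0xC4 is raised by Driver Verifier when a verified driver breaks one of its rules.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xC4: "DRIVER_VERIFIER_DETECTED_VIOLATION",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

# Sample input: the signature exactly as pasted in the thread above.
SAMPLE_SIGNATURE = """\
Error Signature:
BCCode : c4 BCP1 : 0000003C BCP2 : 00000000 BCP3 : 873EB0F0
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1
The following files will be included in this report:
C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\WERef40.dir00\\Mini103109-04.dmp
C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\WERef40.dir00\\sysdata.xml
"""


@dataclass
class ErrorSignature:
    bugcheck: int
    params: List[int]
    os_version: str
    service_pack: str
    product: str
    files: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return BUGCHECK_NAMES.get(self.bugcheck, "UNKNOWN_BUGCHECK")

    @property
    def minidump(self) -> str:
        """Path of the .dmp file to open in WinDbg (!analyze -v), if one is listed."""
        return next((f for f in self.files if f.lower().endswith(".dmp")), "")


# "Key : value" pairs; several appear on one line, so scan with findall.
_PAIR = re.compile(r"(BCCode|BCP[1-4]|OSVer|SP|Product)\s*:\s*(\S+)")


def parse_error_signature(text: str) -> ErrorSignature:
    fields = dict(_PAIR.findall(text))
    missing = {"BCCode", "BCP1", "BCP2", "BCP3", "BCP4"} - fields.keys()
    if missing:
        raise ValueError(f"incomplete signature, missing {sorted(missing)}")
    # Report files are listed one per line as absolute Windows paths.
    files = [ln.strip() for ln in text.splitlines()
             if re.match(r"^\s*[A-Za-z]:\\", ln)]
    return ErrorSignature(
        bugcheck=int(fields["BCCode"], 16),
        params=[int(fields[f"BCP{i}"], 16) for i in range(1, 5)],
        os_version=fields.get("OSVer", "").replace("_", "."),
        service_pack=fields.get("SP", "").replace("_", "."),
        product=fields.get("Product", ""),
        files=files,
    )


def summarize(sig: ErrorSignature) -> str:
    """One-line triage summary of a parsed signature."""
    params = ", ".join(f"0x{v:08X}" for v in sig.params)
    line = (f"STOP 0x{sig.bugcheck:08X} ({sig.name}) params: {params}; "
            f"Windows {sig.os_version} SP{sig.service_pack}")
    if sig.bugcheck == 0xC4:
        # Verifier is still on; 'verifier /querysettings' lists the drivers under test.
        line += "; Driver Verifier is still enabled and flagged a driver"
    return line


if __name__ == "__main__":
    parsed = parse_error_signature(SAMPLE_SIGNATURE)
    print(summarize(parsed))
    print("minidump:", parsed.minidump)
```

The minidump path it extracts is the file to load into WinDbg and run `!analyze -v` on; the first parameter of a 0xC4 bugcheck identifies which Verifier rule was broken, and `verifier /querysettings` shows which drivers are still under test.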
  40. ChicagoCoin

    ChicagoCoin Private E-2

    An update, I was able to run the Microsoft debugger and have attached the file in case it will help.
     

    Attached Files:

  41. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still not having malware problems. That driver may be a leftover from Sygate Firewall. Try the below.

    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:

    regsvr32 /u wpsdrvnt.sys

    then click OK. If a dialog box confirming this action appears, click OK.

    Reboot and then see if you can delete the below file:
    C:\WINDOWS\system32\drivers\wpsdrvnt.sys

    Then I suggest if you still are having any problems that you post in the Software Forum since our work in this forum has been finished for awhile.


    Since you are not having malware problems, it is time to do our final steps. I am not going to have you toggle system restore at this time, just in case you still need to try and use system restore.
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. After doing the above, you should work thru the below link:
     
  42. ChicagoCoin

    ChicagoCoin Private E-2

    Thanks very much for all of the help, my computer is now running fine!
    :)

    This command didn't work for me, it mentioned that the specified module couldn't be found.

    I didn't remember ever installing SyGate Firewall and discovered it's a part of Norton now so I ran a Norton Removal Tool and am not having anymore problems!

    Thanks again for everything!
    :major
     
  43. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
