Looking for an all clear.

Welcome to Major Geeks!

You appear to have something that is disabling the registry editior from showing information. I suggest that you do the below.

• Please save Win32kDiag file to your desktop.
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log

"%userprofile%\desktop\win32kdiag.exe" -f -r


Now let's try the beta version of ComboFix which is named KittyFix.exe

Download ComboFix from http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe and save it to your Desktop.

Note: This is a beta version of combofix and might be unstable but tests done so far have proved it works well



Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer.

• Now Exit/Close/Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Close any open browsers and any other programs you might have running.
• Double click on kittyfix.exe & follow the prompts.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this
• When finished, it will produce a report for you. Please attach the "C:\ComboFix.txt" to your next message.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.


Now delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
D:\Documents and Settings\pc\Local Settings\temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.


Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



Now attach the below log:

• the log from Win32kDiag
• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

See the suggested fix given by Microsoft: http://support.microsoft.com/kb/319114

Did you notice an other error messages? Something still is still blocking reading of registry keys. I think it may be due to how you installed some parts of Windows on drive C and some on drive D. I believe you may have your PATH environment variable messed up. This is probably even the reason why you had the above error about framedyn.dll. The system cannot find the wbem folder. Try doing the below:

• Click Start --> Settings --> Control Panel
• Double click System (You may need to change to classice view on xp)
• Click on the Advanced tab
• Click Environment Variables at the bottom
• In the LOWER list, click on the PATH variable and click edit.
• Copy and paste the below text IN PLACE OF what is there and click ok

%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Java\jdk1.6.0_17\bin;

• Click OK twice to complete this.

If you successfully get the path variable fixed, rerun MGtools and attach a new log.

No! The previous one was correct. procdll.txt is from MGtools.


You did not tell me how things are working.

 

Okay the problem with Tasklist was fixed and your logs are clean. You just need to get properly protected which the below will cover.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!