Went thru READ and RUN me FIRST, logs attached. HELP PLZ

Hello, pennywisezzz

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m

 

The below fixes and advice are specific to this member's problem and should be used for issue(s) on this machine only.

Hello, pennnywisezzz

NOTE: I would suggest that you use a better anti-virus than Clam AntiVirus (ClamAV) which is integrated with Spyware Terminator.

Remove this file from your desktop to the proper "Downloads" folder directory:
"C:\Documents and Settings\Compaq_Administrator\Desktop\setup-spybotsd162.exe"

Step 1:
Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and continue on.

Step 2:
Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Step 3:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Step 4:
Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" . Once you have saved it double click it and allow it to merge with the registry.

Please make sure that you tell me if receive a success message about adding the above to the registry - if you didn't, it definitely did not work.

Step 5:
Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

Step 6:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Step 7:
Now install the latest Sun Java Runtime Environment

* Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

dr.m

 

Hi, pennywisezzz

Step 1:
Uninstall Spyware Terminator

Step 2:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Step 3:
Then - click Start, Run and enter sfc /scannow and click OK. This may ask you for your Windows XP CD so have it ready.

Step 4:
Please download and run Win32kDiag per the below instructions:

• Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
  
  C:\win32kdiag.exe -f -r
  
• When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log.

Step 5:
Now download Junction,zip to your Windows folder

• Please download Junction.zip and save it to your Windows folder (i.e, C:\Windows\Junction.zip This assumes C:\ is your Windows boot drive.)
• Now unzip it and put junction.exe into the Windows folder (i.e., C:\Windows\junction.exe)
• Do not try to run it right now. We will run something that uses it later.

Step 6:
Now we need to reset the permissions altered by the malware on some files.

• Download and save inherit.exe to your Desktop: Inherit.exe
• It must be in your Desktop or the below fix will not work!

Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

• A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
• Accept the license agreement and the scan will begin.
• Wait until it finishes we can take a while to run since it scans your whole harddisk. e patient and don't do anything else while it is scanning.
• The command prompt window should close when it finishes.
• While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.

Step 6:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

Please attach these files to your next reply.

• Win32kDiag.txt log
• C:\MGlogs.zip

* Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

dr.m

 

Can you borrow a XP SP3 CD from a friend, while I confer with my colleagues?

dr.m

 

Please uninstall your protection software and re-run the steps in post # 5. *Your issues are not appearing to be malware related.

dr.m