please take a look at my logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by cp24601, Apr 27, 2010.

  1. cp24601

    cp24601 Private E-2

    Hello,

    I clicked on a link I shouldn't have over the weekend. I had McAfee installed but was stupid enough to click on one of the security threat dummy screens.:(
    McAfee caught 2 trojans and deleted them but I'm a bit paranoid. I ran through the cleaning procedures and could only get logs for SUPERAntiSpyware and Malwarebytes. More details in a bit.

    I haven't noticed any hijacking when I try to go to a site. One weird thing is that I get a msg in the system tray (I'm running Windows 7 32 bit) saying that updates are available and I'm not connected to the net. Not sure if this is a good thing or not.

    SUPERAntiSpyware and Malwarebytes logs are attached.

    I cannot get ComboFix and the rest to work.

    Thanks for the help

    I uninstalled McAfee completely to try and get ComboFix to work and that did not work. I get differing results with ComboFix. I don't see any of the screens that should pop up according to the ComboFix thread. The blue screen pops up and says "Please wait. ComboFix is preparing to run"

    There is no disclaimer of warranty screen like in the guide.

    The best I've had ComboFix get to is

    completed stage 2

    and then it freezes. Now it doesn't even get there. Eventually the screen disappears and my comp is frozen.

    As for RootRepeal: when I double click it, it opens up but I get the following error msg

    FOPS-DeviceI0ControlError! Error Code=0xc0000024 Extended info (0x000000fc)

    When I try to scan it says

    Could not initialize driver! Please contact the author.

    As for MGtools - the app opens up but eventually says something about
    cannot find the specified file and then freezes

    How screwed am I? Also, should I reinstall McAfee right away?
     

    Attached Files:

    Last edited: Apr 27, 2010
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    For MGtools, did you save MGtools.exe to C:\MGtools.exe as requested? It must be saved to the root folder of your Windows boot drive. Do not save it anywhere else and do not attempt to Run or Open it from the download link. You must save it to your PC. Please try again and make sure you follow the instructions exactly. If you get any error messages, see if it is one of the ones that are explained on the download page. If the error is not on the download page, give us the exact word for word message.

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The red is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
  3. cp24601

    cp24601 Private E-2

    Hello,

    When I tried to download the file to the C drive it would not let me, so I dl to my desktop and then moved it to my C drive. My first post, when I told you I was having problems, was when I was running the exe file (not in any folder) from the C drive.

    I tried to run the MGtools.exe file (it is not in a folder) from my C drive. This was when I got the msg that it cannot find the specified file (so I was following the directions in putting it in my C drive). I just tried to run it again and it said
    Cannot find the specified file and then my comp screen is black now (I'm on another comp writing this)

    What is weird is that in the C drive there is a folder that is labelled MGtools and when I double click on it there are many things in that folder. As far as I know when I dl the exe file it should not come as a folder. In the folder is an app called analyse.exe along with many other files. There is also a temp file in the MGtools folder. Some of the other files in the MGtools folder are

    chosefix.bat
    config.reg
    DisableUAC.reg
    EnableUAC.reg
    ffinfo.txt
    filelog.txt
    FINDovl.bat etc

    There are other apps called

    GetDetails.exe
    grep.exe
    ltime.exe
    process.exe
    sed.exe
    swreg.exe
    swwhoami.exe

    I have also followed your directions about the cmd line thing
    and it doesn't do anything. Maybe I have to wait longer?

    I have typed in so that it displays

    I type in cmd, the app pops up and I see
    c:\Users\cp25> I type in cd \MGtools to get this
    c:\MGtools> I type in GetRunKey and it goes to this
    c:\MGtools> and there is a blinking line after

    Perhaps I am expecting a msg to pop up that it is doing something and that is the wrong expectation? Either way I will leave it for a bit to see what happens. Maybe it just needs to do its thing.

    BTW, is MGtools HijackThis? The label when I right click on the analyse.exe says that it's HijackThis in the description.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, there are a number of files within the MGTools folder. One is analyse.exe which is HJT. Try right clicking it and choose to run as administrator. Tell me what happens. Same thing with the Shownew.bat and the getrunkeys.bat.

    Have you turned off the UAC? Have you disabled your AV and AS software? See these instructions:
    Win7 Instructions.
     
  5. cp24601

    cp24601 Private E-2

    User control was turned off. I also turned off SUPERAntiSpyware, and I didn't do anything with the free version of Malwarebytes as it only works when you double click on it, because it's not monitoring the system.

    I ran the 3 programs that were in the MGtools folder that is in my C drive. I also ran another one by mistake - getunkey.bat, not sure what that did.

    The analyse.exe and shownew.bat seemed to work fine. The getrunkeys.bat just flashed a black screen and disappeared quite quickly. I do have a file called hijackthis.log that was created after I ran the analyse.exe but I don't know if that's what you are looking for. I have no idea what kind of logs the other 2 programs created, although they did create logs.. just don't know which file name they are.

    In the C: drive (not in the MGtools folder) there is a zip called MGlogs.zip and I think that's what you are looking for. I'll attach it to this reply. Thanks again for your help.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you reboot after turning off UAC? Did you right click the GetLogs.bat and select to run as administrator? Do you get the pop up for the license agreement to run HJT? You need to install the .NET Framework software from Microsoft by clicking the Download button in the below link and then running the dotnetfx.exe file once it is downloaded.

    http://www.microsoft.com/Downloads/details.aspx?FamilyId=262D25E3-F589-4842-8157-034D1E7CF3A3&displaylang=en

    Now try doing the GetLogs.bat and tell me what error messages you may get.
     
  7. cp24601

    cp24601 Private E-2

    When I did my previous logs UAC was turned off and I did reboot. I dl the .NET exe that you asked. I rebooted. I turned off my spyware. I reran the analyse.exe as an admin by right clicking. I DID NOT get the license agreement when I ran the analyse.exe. The screen that popped up was called Main Menu. There were buttons below the text that said

    What would you like to do?

    The buttons said

    Do a system scan and save a logfile
    Do a systems scan only
    view the list of backups
    Open the misc tools section and others

    After the analyse.exe ran it came up with a text file.


    I ran the shownew.bat and it worked fine - no GUI, just looked like the cmd.exe screen. Said it was trying to find copies of various files, which I guess it did. Some files it did not find (like ip6fw). The screen disappeared after it did its thing.. no txt file showed up with the results.

    I think I know what is going on with the getrunkeys.bat. There is no file in the MGtools folder called getrunkeys.bat. There is a file called getrunkey.bat without the "s". I ran that (getrunkey.bat) and got a msg saying "The system cannot find the file specified." I'm pretty sure I did not rename the file as I didn't even know the MGtools folder existed. Do I need to rename it?
    Regarding the getrunkey.bat file after it says "The system cannot find the file specified"


    I ran the getlogs.bat. It said it cannot find the file specified, then a window pops up saying

    c:\windows\system32\ndfapi.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system admin or the software vendor for support.

    Other screens also popped up after running the getlogs.bat. It said

    C:\windows\system32\NETSTAT.EXE is not a valid Win32 application.

    Then all the files and icons on my desktop disappear.


    Just a note about spelling of the files.... I am noticing there are discrepancies in how things are spelled in the various programs. E.g.: the mgtools.exe that is saved in my C: drive - when I run that, the cmd.exe screen pops up and it says in a little blurb at the beginning that it is a batch file that runs analyes.exe, GetUnkey.bat, GetRunKey.bat, ShowNew.bat etc.
    Notice how that mgtools.exe spells analyes.exe and how in the MGtools folder the app is spelled analyse.exe.

    Also the Mgtools.exe spelled GetRunKey.bat without the s.

    Not sure if that's important, but if it is looking for a file name and they are spelled differently, could that be causing problems as it's looking for the wrong file? Or is it just spelling mistakes from the programmer?


    Not sure what to do next
     
    Last edited by a moderator: May 1, 2010
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download the latest version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one. Run it. Tell me what happens.
     
  9. cp24601

    cp24601 Private E-2

    I dl the new mgtools.exe from the link in your post. I overwrote the old one with the new one. The mgtools.exe is in my C: drive. Its path would be something like c:\mgtools.exe. I restarted my comp.
    I ran the mgtools.exe. A black cmd screen popped up. Said it was running scan with geyunkeys.bat. Then said "adding getunkey.txt"
    Then it said "Running scan with getrunkeys.bat version 2.50"
    Then my comp froze.

    I restarted the comp and ran the analyse.bat in the MGtools folder by right clicking and run as admin. The main menu of HJT came up.. no disclaimer. I hit the button that said "do system scan and save a log". It seemed to work fine as a new txt doc was created at the end.

    I did the same thing with shownew.bat. It ran through via a screen that looked like the cmd screen (black /w white txt) and then At the end the black screen disappeared.

    I did the same thing with the getrunkey.bat. The black/white cmd screen popped up. Said "running scan with getrunkeys.bat version 2.50". The program froze and then froze Windows.

    Then I ran getlogs.bat by right clicking and run as admin. The black cmd screen comes up and freezes when it gets to "Running scan /w getrunkeys.bat"

    Btw, I'm not connected to the internet when I run all this stuff. Does that make a difference?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If any of it did run, you need to attach this new C:\MGlogs.zip. I am puzzled as to why you can't run the bat files. Try running C:\MGtools\SN64.bat. Tell me what happens with that, but in any event, attach the new zipped logs. Again, make sure your AV program is disabled.
     
  11. cp24601

    cp24601 Private E-2

    I uninstalled any anti-spyware and antivirus the last time I ran the logs. I ran sn64.bat. The black cmd screen came up and it started searching for things. At the end the screen disappeared. I'm sure it created some type of file. Here is the new zip.

    Btw, there are a few locked folders in my c: drive now. As far as I know there should be no reason they are locked.
    The folders are

    config.msi
    mso cache
    documents and settings
    system volume information

    Is this normal?
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You ran C:\MGTools\analyse.exe but did not attach the log. Please do that now. The log is C:\MGtools\hijackthis.log.

    You need to use windows explorer to find and delete:
    C:\ProgramData\Partner

    Please re-run both SAS and MBAM ( have MBAM do a deep scan ) and attach those logs.

    Now:

    Please click Start, All Programs, Accessories and you will see ( among other things ) a Command Prompt entry.
    • Right click the Command Prompt entry and select Run As Administrator.
      • It is critical that you run it this way.
    • If you do this properly, a command prompt window will open with a title of Administrator Command Prompt.
    • Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple/brown is merely informational.

      cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
      GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
     
    Last edited by a moderator: May 3, 2010
  13. cp24601

    cp24601 Private E-2

    I ran the GetRunKey as an admin before I reinstalled the SAS and MBAM software.
    I followed your instructions about running the cmd prompt as an admin and tried to run the getrunkey. I tried it twice.
    The first time the comp just froze.
    The second time it said "The system cannot execute the specified program"

    I reinstalled the MBAM and SAS and have attached logs. Also attached is hijack this log.
     

    Attached Files:

  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's try to verify a few things.

    Go to start / programs / accessories / and right click command prompt and choose to run as administrator.

    Once it opens do this:
    sfc /VERIFYFILE=C:\windows\system32\ndfapi.dll

    sfc /VERIFYFILE=C:\windows\system32\netstat.exe

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey > C:\errors.txt

    then type exit to close the prompt.

    Tell me if you get this after each of the sfc /verifyfile commands:
    Windows Resource Protection did not find any integrity violations.

    Attach the C:\errors.txt.
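The checks TimW asks for above (sfc /VERIFYFILE on ndfapi.dll and netstat.exe, then capturing a tool's output into C:\errors.txt) can be scripted so the results land in one log instead of being copied from the screen. The script below is an added example and is not TimW's, MajorGeeks' or MGtools' own code; it assumes C: is the Windows boot drive, reuses the C:\errors.txt log name from the thread, and must be run from an elevated (Run as Administrator) PowerShell because sfc refuses to run otherwise. It adds a second, independent check that the thread does not use: Get-AuthenticodeSignature, which reports whether each binary still carries a valid Microsoft signature.

```powershell
# Added example (not code from the thread): verify two protected system files
# with sfc /VERIFYFILE plus an Authenticode/catalog signature check, and write
# the results to C:\errors.txt. Run from an elevated PowerShell prompt.
$files = @(
    'C:\Windows\System32\ndfapi.dll',   # file TimW asks to verify
    'C:\Windows\System32\netstat.exe'   # file TimW asks to verify
)
$logPath = 'C:\errors.txt'             # log name used in the thread; C: assumed to be the boot drive

# sfc.exe writes UTF-16 text; without this, captured output is interleaved with nulls
# and the "did not find any integrity violations" match below fails.
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode

$report = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) {
        [pscustomobject]@{ File = $f; Exists = $false; Signature = 'n/a'; Sfc = 'n/a' }
        continue
    }

    # Signature check: a replaced or patched system binary normally shows
    # NotSigned or HashMismatch here instead of Valid.
    $sig = Get-AuthenticodeSignature -FilePath $f

    # Component-store check: same command TimW gives, output captured as text.
    $sfcText = (& sfc.exe "/VERIFYFILE=$f" 2>&1 | Out-String)
    $sfcOk   = $sfcText -match 'did not find any integrity violations'

    [pscustomobject]@{
        File      = $f
        Exists    = $true
        Signature = $sig.Status
        Sfc       = if ($sfcOk) { 'OK' } else { 'CHECK' }
    }
}

# Write the table to the screen and to the log in one step.
$report | Format-Table -AutoSize | Out-String | Tee-Object -FilePath $logPath
```

A row showing Signature = Valid and Sfc = OK for both files is the "no integrity violations" result TimW is looking for; any other combination is what to paste back into the thread, since sfc and the signature check can disagree (a file can be an unsigned but store-consistent third-party replacement, or a valid Microsoft binary of a different version).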
     
  15. cp24601

    cp24601 Private E-2

    I ran the 2 verify files. After running each one it said

    Windows Resource Protection did not find any integrity violations

    It did not say anything about attaching error files.


    I then typed

    cd MGtools (enter)

    The prompt changed like you said.

    I then typed

    GetRunKey > C:\errors.txt

    and then the program froze.
     
    Last edited: May 9, 2010
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does the C:\errors.txt file exist? If yes, then attach it.
     
  17. cp24601

    cp24601 Private E-2

    log is attached
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't think you are having malware problems. Just problems with your copy of Win 7 that are creating issues for ComboFix and MGtools. Let's try a modified version of MGtools.



    But first, please delete the below folders and files:
    • C:\combofix
    • C:\32788R22FWJFW
    • C:\MGlogs22222
    • C:\MGlogs.zip
    • C:\MGtools.exe
    Now download and save the below version of MGtools-Test.exe to your Desktop ( yes the Desktop )

    MGtools-Test.exe

    Now right click MGtools-Test.exe and select Run As Administrator. Attach the new MGlogs.zip file. Make sure that you allow at least 15 minutes for MGtools-Test.exe to run. It may run faster but do not assume that it has frozen too quickly.
     
  19. cp24601

    cp24601 Private E-2

    I turned off my spyware and ran the test MGtools from your link from my desktop.
    It ran some stuff. I left it for about 30 mins. There was an error msg that popped up in a new window. It disappeared too fast for me to write it down. Something about an i/o error, then the screen turned black. I let it continue to run after that.
    MG zip is attached.
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The ZIP file you attached is corrupted. Please try attaching it again. Make sure that there are no errors while uploading.
     
  21. cp24601

    cp24601 Private E-2

    I ran the test MGtools again after deleting the previous MG zip. The site said that I had already uploaded the corrupted version. Tried to rename the file but it still recognized it. I turned off the spyware before I ran the prog as admin.

    Got the same error msg about couldn't reference file at xxxx because of i/o error, and then the prog quit, then black screen.

    New zip is attached. No msg about file being corrupted. If it is corrupted again could it have anything to do with the prog crashing?

    I can attach single unzipped files if needed I guess.....
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's not corrupted this time. It ran okay other than one procedure that did not finish which is probably where you are seeing the error message. Please attach the below log file:

    C:\MGtools\temp\rkeysxxx.txt

    You will see many files in this folder. I only want to see this one.

    Based on what I'm seeing in the last set of logs, it appears that you are clean. Are you having any malware problems/symptoms?
     
  23. cp24601

    cp24601 Private E-2

    Requested file is attached. The only thing that I would say is weird with my comp is that my Documents and Settings folder in C: is locked. As well, when I put my comp to sleep, after about 10 minutes I can hear it briefly whirring after it has been silent all the rest of the time. The whirring stops after a brief moment.
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The rkeysxxx.txt file you attached is empty. Was it also empty on your PC? Please try putting it into a ZIP file and attaching it one more time, before you do final cleanup which will delete it.

    Normal in Vista and Win7.

    Probably just your hard disk being shutdown. Either way not a malware problem and your logs are all clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  25. cp24601

    cp24601 Private E-2

    When I tried to open the file before I attached it previously it was empty. Zip is attached.

    Some questions about the uninstall process.. Can I enable the UAC via the menus in Windows to disable it, or do I have to run the enableUAC.reg file?
     

    Attached Files:

  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can manually re-enable the UAC files or do it with the reg patch. Are you having any other issues that are malware related? Chaslang will be gone for a few days so I am not sure if there is anything in particular that he may need to see. I am assuming you are good to go since he gave you the final cleanup steps.
     
