Problems after the 'Run and Read Me' Logs 1

Discussion in 'Malware Help (A Specialist Will Reply)' started by MrNood, Apr 16, 2011.

  1. MrNood

    MrNood Private E-2

    Hi
    I have had a week's struggle to get back to a useable computer and thought I was close.

    I have carried out a Windows XP 'Repair' from the Dell reinstallation disk.

    I am now able to boot normally and have run the tools in the recommended options.

    I am now getting many 'Malware found' messages from my Avira Antivirus guard, and have redirection windows popping up from IE (I reverted to IE8 from the IE6 which appeared after my repair).

    I don't think the Avira warnings are real - and it seems to block access to IE, Firefox and others.

    I attach the logs from my first run (was unable to run combofix)

    Would TRULY appreciate any help in regaining the use and confidence in my PC

    Thanks in advance
    MrNood
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\olhorbja\woybcbsn.exe

    After clicking Fix, exit HJT.


    Uninstall the below old versions of software:
    Java(TM) 6 Update 22

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Program Files\olhorbja\woybcbsn.exe
    C:\Documents and Settings\AdminTest\Start Menu\Programs\Startup\woybcbsn.exe
    C:\Documents and Settings\Geoff\Start Menu\Programs\Startup\woybcbsn.exe
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\woybcbsn.exe
    C:\Program Files\olhorbja
    C:\Documents and Settings\AdminTest\Local Settings\Application Data\gytnfvrh.log
    C:\Documents and Settings\AdminTest\Local Settings\Application Data\kiatwoxb.log
    C:\Documents and Settings\AdminTest\Local Settings\Application Data\mbqqjrng.log
    C:\Documents and Settings\AdminTest\Local Settings\Application Data\qpjgobne.log
    C:\Documents and Settings\AdminTest\Local Settings\Application Data\xsysdabm.log
    C:\Documents and Settings\All Users\Application Data\l8h6k22165o6e645bt4xcs1558h
    C:\Documents and Settings\All Users\Application Data\qxsxf67l435so7e67w35t648
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
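The F2 line in the fix above is a Winlogon UserInit hijack: Windows runs every executable listed in that value at logon, and Ramnit appended its own loader after an extra comma, then dropped the same file into each profile's Startup folder. The following is an added example, written for this thread and not code from MajorGeeks, HijackThis or OTM, that checks a UserInit value for anything other than the legitimate userinit.exe and links matching Startup-folder copies to it. It assumes %SystemRoot% is C:\WINDOWS (as in the logs here); the registry value and Startup paths in `__main__` are constructed sample input copied from the post so it runs offline, and on a live machine you would read the value from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit with winreg and list the Startup folders with os.listdir.

```python
"""Check a Winlogon UserInit value for a Ramnit-style appended loader.

Added example written for this thread; it is not code from MajorGeeks,
HijackThis or OTM. On the Windows XP box in the logs the legitimate value is
"C:\\WINDOWS\\system32\\userinit.exe," (one entry plus a trailing comma).
Ramnit appends its own executable after an extra comma, which HijackThis
reports as the F2 UserInit line in the post above.
"""
from typing import List
import ntpath

# Assumption: %SystemRoot% is C:\WINDOWS, as in the logs in this thread.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_userinit(value: str) -> List[str]:
    """Split the comma-separated UserInit value into non-empty, lower-cased entries.

    The trailing comma Windows itself writes produces an empty field; that is
    normal and is dropped, so only real executables remain.
    """
    return [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]


def unexpected_userinit_entries(value: str, expected: str = EXPECTED_USERINIT) -> List[str]:
    """Return every UserInit entry other than the one legitimate userinit.exe."""
    return [e for e in parse_userinit(value) if e != expected]


def startup_copies(startup_listing: List[str], rogue_entries: List[str]) -> List[str]:
    """Find Startup-folder items whose file name matches a rogue UserInit entry.

    Ramnit in this thread also dropped woybcbsn.exe into every profile's
    Start Menu\\Programs\\Startup folder; matching on the basename links
    those copies to the UserInit hijack.
    """
    rogue_names = {ntpath.basename(e) for e in rogue_entries}
    return [p for p in startup_listing if ntpath.basename(p).lower() in rogue_names]


if __name__ == "__main__":
    # Constructed sample input, copied from the HijackThis and OTM lines in the post.
    infected_value = r"C:\WINDOWS\system32\userinit.exe,,C:\Program Files\olhorbja\woybcbsn.exe"
    startup_items = [
        r"C:\Documents and Settings\AdminTest\Start Menu\Programs\Startup\woybcbsn.exe",
        r"C:\Documents and Settings\Geoff\Start Menu\Programs\Startup\desktop.ini",
        r"C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\woybcbsn.exe",
    ]
    rogue = unexpected_userinit_entries(infected_value)
    for entry in rogue:
        print("UserInit loads an unexpected executable:", entry)
    for path in startup_copies(startup_items, rogue):
        print("Startup copy of the same loader:", path)
```

The check compares the full lower-cased path, not just the file name, because a dropper named userinit.exe in another directory would otherwise pass. A clean XP value yields an empty list; the value from this thread yields the olhorbja path, and the two Startup copies are reported alongside it.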
  3. MrNood

    MrNood Private E-2

    Hi - and thanks a million for taking the time to help.

    I was unable to run any .exe when logged in normally, so have carried out the instructions in safe mode as administrator.

    I was unable to uninstall the java (fatal error message) and I was unable to re-install the new JRE.

    I attempted to run getlogs in normal login but it gave a load of 'access denied' messages.

    The attached logs are as requested.

    I'll try running in normal login now, and keep you informed - I think I am still unable to run various apps.

    Thanks again

    Mr Nood
     

    Attached Files:

  4. MrNood

    MrNood Private E-2

    OK - I've tried my normal boot up, but without network connection (I'm using another PC for these communications)

    I still have a warning from AVIRA about Ramnit.C

    I can run some apps like Windows Explorer, Paint, Notepad, WMP, VLC, Outlook

    However, I cannot launch either IE8 or Firefox - there is no message - the app simply fails to run after a short 'timer' cursor.

    I also cannot run other installed apps like Paint Shop Pro, Picture Motion Browser (My Sony picture management software), Google Sketchup.
    These seem to be apps which I installed myself. They give an error message - "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

    Bear in mind that I have done a windows repair - do I need to reinstall these software packages?

    Also - some of these seem to have been mentioned in the earlier Avira messages. Is it possible that Avira has quarantined some relevant files for these apps?

    Certainly seem to have made some progress - Thanks. I have not tried to connect the network, since these problems still indicate some problems.

    Hope the previous logs are appropriate, and hope you can guide me back to a useable PC. (It is just SOOO frustrating that this amount of distress and effort is caused maliciously, and with no benefit to the originator ( I Hope!))

    Thanks again

    Mr Nood
     
  5. MrNood

    MrNood Private E-2

    Last bit of info for now...

    I booted into safe mode with networking.

    I can run all the apps, and have IE and Firefox connection to the web.

    Back in normal bootup, with network connection - tried 2 separate user logins (both with admin rights) but neither will run the IE or other apps as described.

    Thanks
    Mr Nood
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is not going to help us fix the account that I gave you the fix for. Your logs were from

    USERPROFILE=C:\Documents and Settings\AdminTest

    This is the account you need to log into to run the fixes and get new logs. Try again.
     
  7. MrNood

    MrNood Private E-2

    Sorry about that. As I said I cannot run some files when in normal mode so I thought that safe mode might be better than nothing.

    I have now attempted to carry out the sequence in the 'AdminTest' user with the following results:

    1:
    mgtools\analyse.exe -will not run under this user. I get the following message:
    "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

    If I right-click it and try 'Run as' with the 'Administrator' account, it denies me access.
    Result - I have not run analyse.exe.

    2:
    Uninstall the below old versions of software:
    Java(TM) 6 Update 22

    Using 'Add and remove programs' from Control Panel. This process results in a 'Fatal Error' message during the uninstall. The program is NOT uninstalled.

    3:
    OTM
    I can now run this from the desktop in this user account. I attach the log from this run.

    4:
    Install latest JRE:
    The Java Setup process fails with the following message:
    Installation failed. The wizard was interrupted before Java 6 Update 24 could be completely installed.

    5:
    Run Getlogs.bat

    If I run this from the given user then it generates a whole series of 'Access Denied' lines.
    On completion the DOS box shuts down, but no MGlogs.zip file is created!
    I attach 2 screencaps taken whilst it was running.

    Sooo - I'm afraid that not much of what you asked is completed in this user.

    Just for info - the problem appears to be present in at least 2 user profiles (AdminTest and Geoff). The only users I actually need to keep are "Geoff" and "Joanne".

    Thanks again for your time

    Mr Nood
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it was. Please attach it.


    Okay then let's simplify things a little. Delete the AdminTest user account and then see how much of the READ & RUN ME FIRST you can complete after logging into the Geoff user account.
     
  9. MrNood

    MrNood Private E-2

    Hi

    I have searched c:\ for *.zip

    The only mglogs.zip is from Saturday - and is the one I posted earlier, acquired from safe mode.

    I will carry out the 'Read and Run me first' sequence from my login as best I can.

    Thanks for your time. It'll be 24 hours or so until I get to the next step since work gets in the way!

    Cheers
    Mr Nood
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay just attach the new logs after you finish.
     
  11. MrNood

    MrNood Private E-2

    new logs part 1

    Hi

    I have run all the scans from 'Read and Run Me..'

    I attach the first logs here
     

    Attached Files:

  12. MrNood

    MrNood Private E-2

    new logs part 2

    Here are the second set of logs

    It's v late and i have not yet tested the system, in particular no network connection was made during the scans.

    Appreciate your analysis of the logs, and hope we're near to a solution!

    Thanks for all your input

    Mr Nood
     

    Attached Files:

  13. MrNood

    MrNood Private E-2

    Some further info - after a reboot after the scans.

    I am unable to run the programs as described before, and cannot run IE or Firefox.

    My Avira antiVir is still beeping madly and claims to have found many viruses or unwanted programs.

    Shutting down for tonight. Thanks again
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: new logs part 2

    Actually it depends on how we look at it. It may be a solution but it will not be the one you wanted. Your logs are showing that you have a Ramnit infection and most of the time this infection will require a total clean reinstall to fix because of what it can do to your PC. This is why SUPERAntiSpyware was removing legit file names and why ComboFix just did too. I will post a typical message we normally use for this kind of infection at the end of this reply but first, let me ask you to run the below:

    Using ESET's Online Scanner

    Then attach the log from ESET. Then reboot and run it again and then attach the second log. This may give us enough info to decide whether a reinstall will be required.


    Here is the standard reply/warnings for Ramnit infections:

     
  15. MrNood

    MrNood Private E-2

    hi Thanks for the analysis. As you say - not quite the solution I'd hoped for.

    I have a few questions if you will:

    1: Online scan. I cannot run IE or Firefox under my current user. I think I may be able to in safe mode. Is there any benefit in running the proposed ESET online scan in this mode?

    2: Re-install. Is it OK to re-install on the existing HDD?

    3: Data: My disk is still readable, and in fact I made a complete copy of C: onto another HDD when I first had a crash (using Bootable CD).
    I am an amateur photographer, and have a large number of pics (jpg, tif, bmp, and psp (Paint Shop Pro) files. Is there a way of safely accessing them, either to back up from the existing corrupt disk, or to recopy them from the second drive after I re-install?
    Other useful files to recover would include .doc and .pst files

    Note the second HDD has been powered OFF during the most part of the tests you have proposed this week, but the copy to it was made After the first appearance of the infection.

    If you've any other advice about a clean re-install I'd appreciate it (never done it before). Will I need to install hardware drivers for on board devices? graphics, sound, DVD r/w, etc?

    Cheers
    Mr Nood
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you can try safe mode and you can also try using another user account. This would still find many things even though there is a chance it may not find some infected files directly related to your user account.

    Yes but you really should format before installing just to be safe. However you may have a factory partition from which you can restore your PC to the state it was when it came out of the box.

    This is one reason we want to run the online scan....to see if any of them show up as infected. Ramnit can infect many files but most frequently it seems to be all .EXE and .HTML files. So don't backup or reuse any .EXE or .HTML files at all. The others you mentioned may be okay. If you already backed them up, why do you need to back them up again?

    You should scan this drive with the online scanner before using anything from it. You can wait until after the reinstall ( or reimage from factory partition ) before scanning it.

    Yes, you may need to locate some drivers since not all of them always come as part of Windows, but this is why you also should see if you can use the factory recovery partition I was mentioning. It would have everything your PC came with.
     
  17. MrNood

    MrNood Private E-2

    Hi

    I seem to be thwarted in running the Eset scan.
    None of the normal accounts have IE or firefox access.
    If I start in safe mode then I can connect, and I can access sites such as Google. However, if I connect to eset.com I get redirected (licosearch) to MSN or facebook (neither of which I subscribe to)
    Other mainstream sites such as BBC also are not accessible.

    Are there other options before I clean re-install?

    The reason I asked about another backup is because the copy I have is from a 'known infected' disk. I wondered if there was a safer way of making a copy before I overwrite.

    Can you tell me how to check if there is a re-install partition? (Otherwise I have the re-install OS disk, and drivers supplied with the PC)

    Thanks for the advice.

    Mr Nood
     
  18. MrNood

    MrNood Private E-2

    Hi

    I've found the Dell Repair option (Ctrl F11) and it looks set to re-install.

    Just holding off doing it, if you can help with the other questions:

    1: Is there any other option? (Whilst I don't have a huge number of installed programs it's always gonna be a pain to get back to where I am after a couple of years usage)

    2: Is there a safer way to archive the old disk, (knowing that it is infected) rather than the direct 'copy' I made onto a separate HDD?

    Thanks

    Mr Nood
     
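Post 16 above gives the rule for salvaging data from the old disk (Ramnit is a file infector, so no .EXE or .HTML may be copied or reused, while pictures, .doc and .pst may be fine once scanned), and post 18 asks for a safer way to archive that disk than a straight copy. The following added example, written for this thread and not code from MajorGeeks or from any tool named here, turns that rule into a copy plan: the old disk is mounted read-only on a clean machine, every file gets one of three verdicts, and only the wanted data formats are copied, preserving the directory layout. The .exe and .html extensions come from the thread; .dll and .htm are added because Ramnit is documented to infect those too. The function names, the three-way verdict and the file list in `__main__` are this example's own constructed design and sample input.

```python
"""Plan a selective copy of data files off a Ramnit-infected disk.

Added example for the advice in post 16 and the question in post 18; it is
not code from MajorGeeks or from any tool named in the thread. Files Ramnit
writes itself into are never copied, the data formats the thread wants back
are copied, and everything else is held for review instead of copied blindly.
"""
import ntpath
import os
import shutil
from typing import Dict, Iterable, List

# Never copy: container formats Ramnit infects. .exe and .html are named in
# the thread; .dll and .htm are added because Ramnit is documented to infect them.
INFECTABLE = {".exe", ".html", ".dll", ".htm"}
# Copy: the picture and document formats MrNood asked to recover.
WANTED = {".jpg", ".jpeg", ".tif", ".tiff", ".bmp", ".psp", ".pspimage", ".doc", ".pst"}


def classify(path: str) -> str:
    """Return 'skip', 'copy' or 'review' for one file, judged by extension only.

    ntpath.splitext is used so Windows-style paths classify correctly even when
    this runs on a Linux or Mac machine with the old disk mounted.
    """
    ext = ntpath.splitext(path)[1].lower()
    if ext in INFECTABLE:
        return "skip"
    if ext in WANTED:
        return "copy"
    return "review"


def plan(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Group a listing of the old disk into the three verdicts, preserving order."""
    buckets: Dict[str, List[str]] = {"copy": [], "skip": [], "review": []}
    for p in paths:
        buckets[classify(p)].append(p)
    return buckets


def list_tree(root: str) -> List[str]:
    """Walk the mounted old disk and return file paths relative to root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return found


def copy_planned(src_root: str, dst_root: str, rel_paths: Iterable[str]) -> int:
    """Copy the 'copy' bucket into dst_root with the same layout; returns the count."""
    count = 0
    for rel in rel_paths:
        dst = os.path.join(dst_root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(src_root, rel), dst)
        count += 1
    return count


if __name__ == "__main__":
    # Constructed sample listing; on a real run use list_tree(r"E:\old") or similar.
    sample = [
        r"Documents and Settings\Geoff\My Documents\My Pictures\holiday.jpg",
        r"Documents and Settings\Geoff\My Documents\edit.psp",
        r"Documents and Settings\Geoff\Local Settings\Application Data\Microsoft\Outlook\outlook.pst",
        r"Documents and Settings\Geoff\My Documents\letter.doc",
        r"Program Files\olhorbja\woybcbsn.exe",
        r"Documents and Settings\Geoff\My Documents\bookmarks.html",
        r"Documents and Settings\Geoff\My Documents\notes.txt",
    ]
    verdicts = plan(sample)
    for bucket in ("copy", "skip", "review"):
        print(bucket.upper())
        for p in verdicts[bucket]:
            print("   ", p)
    # After the 'copy' set has been scanned with the online scanner:
    # copy_planned(r"E:\old", r"D:\recovered", verdicts["copy"])
```

The 'review' bucket is the point of the three-way split: a plain two-way copy would either drop every unknown file or carry it across unexamined, whereas listing it lets you decide per file and run the ESET scan chaslang asked for before anything from the old disk is opened. Run the plan against the existing full copy on the second HDD as well, since that copy was made after the infection appeared.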
