Please help... logs attached.

Discussion in 'Malware Help (A Specialist Will Reply)' started by cvsnow, Feb 10, 2012.

  1. cvsnow

    cvsnow Private E-2

    Hello,

    I was having problems with the mailer-daemon messages and was unable to send or receive email from or to certain email address.
    I ran all of the "read me first" programs but can't find the mglogs.zip. I searched. Should I run it again? I am a very slow learner.. please be patient.

    Vista
    32 bit
     


  2. thisisu

    thisisu Malware Consultant

  3. cvsnow

    cvsnow Private E-2

    I was unable to run RR- the error message was hiberfiles.sys Locked to windows.. could not run.
    I have had so many different problems.. I realized that the "Hidden Files" was never closed since my last scan.
    I have attached the logs.
     


  4. thisisu

    thisisu Malware Consultant

    Hi,

    Can you locate the following file: c:\MGlogs.zip

    Then attach MGlogs.zip to your next post. (How to attach)
     
  5. cvsnow

    cvsnow Private E-2


    Here you go and thanks so much in advance. Where do I go to donate?????
     


  6. thisisu

    thisisu Malware Consultant

    Hello,

    There is not much malware in your logs. I think your issue is more software related than anything but go ahead and run the steps below and then let me know how the system is running after you have completed them all.

    Run C:\MGtools\analyse.exe by double-clicking it (Vista/7: right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4


    Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    DDS::
    uStart Page = hxxp://search.babylon.com/?AF=100486&babsrc=HP_ss&mntrId=b4265e71000000000000001bb9d574b1
    DirLook::
    C:\Users\SNOW\Desktop\ufoscreensavers
    C:\Users\SNOW\Desktop\35627godwin
    FireFox::
    FF - ProfilePath - c:\users\SNOW\AppData\Roaming\Mozilla\Firefox\Profiles\aguk6ql3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
    FF - user.js: extensions.BabylonToolbar_i.babExt - 
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - b4265e71000000000000001bb9d574b1
    FF - user.js: extensions.BabylonToolbar_i.hardId - b4265e71000000000000001bb9d574b1
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15353
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:42
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    File::
    C:\Users\SNOW\AppData\Local\temp\ukdMOAQ2.rar.part
    FileLook::
    c:\windows\system32\user32.dll
    c:\program files\CAT\cat.exe
    Folder::
    c:\program files\Ask.com
    C:\Program Files\MyWebSearch
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApnUpdater"=-
    "QuickTime Task"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "m3ffxtbr@mywebsearch.com"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A6D1E418-A2B6-4F96-88A1-43FC085133A8}]
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    I want you to read and follow these instructions: TDSSKiller - How to run

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
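The O2/O3 "(no file)" lines above are Browser Helper Object and toolbar registrations whose DLL is gone. As an added example that is not part of this thread or the MajorGeeks procedure, the read-only PowerShell audit below walks the same registry locations, resolves each CLSID to its InprocServer32 DLL and reports entries that are orphaned; the Wow6432Node root is an assumption for 64-bit hosts (it does not exist on the poster's 32-bit Vista) and nothing is removed.

```powershell
# Added example, not from the thread: read-only audit of IE Browser Helper Objects
# and toolbars. Flags entries whose CLSID has no backing DLL on disk, i.e. the
# "(no file)" orphans HijackThis reports as O2/O3 lines. Nothing is removed.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Assumption: 64-bit hosts keep 32-bit BHOs under Wow6432Node (absent on 32-bit Vista).
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)

function Resolve-ClsidServer {
    param([string]$Clsid)
    # A COM class lives under HKCR\CLSID\{guid}; its DLL path is the default value of InprocServer32.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    if (-not $raw) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function Test-Orphan {
    param([string]$Clsid, [string]$Kind)
    $dll = Resolve-ClsidServer $Clsid
    if (-not $dll)                              { $status = 'no CLSID registration (orphan)' }
    elseif (-not (Test-Path -LiteralPath $dll)) { $status = 'DLL missing on disk (orphan)' }
    else                                        { $status = 'present' }
    [pscustomobject]@{ Kind = $Kind; CLSID = $Clsid; Server = $dll; Status = $status }
}

# Each BHO is a subkey named by its CLSID.
$results = @()
$results += foreach ($root in $bhoRoots) {
    if (Test-Path -LiteralPath $root) {
        foreach ($sub in Get-ChildItem -LiteralPath $root) { Test-Orphan $sub.PSChildName 'BHO (O2)' }
    }
}
# Toolbars are value names of the form {guid}; non-GUID values are skipped.
$results += foreach ($key in $toolbarKeys) {
    if (Test-Path -LiteralPath $key) {
        foreach ($name in (Get-Item -LiteralPath $key).Property) {
            if ($name -match '^\{[0-9A-Fa-f-]+\}$') { Test-Orphan $name 'Toolbar (O3)' }
        }
    }
}
$results | Sort-Object Status | Format-Table -AutoSize
```

Run it in an elevated PowerShell to see HKLM entries as the HJT scan did; rows marked orphan correspond to the "(no file)" lines, while "present" rows name the DLL that actually loads into Internet Explorer.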
  7. thisisu

    thisisu Malware Consultant

    Thank you for asking but we do not accept donations. Just tell your friends about MajorGeeks :)
     
  8. cvsnow

    cvsnow Private E-2

    Hi and thanks so much. I had already deleted MGTools and Combofix from my computer... is there a certain way I need to do this... I can't right click on MGTools\analyse.exe. I have just now downloaded both of them to my desktop....
     
    Last edited by a moderator: Feb 21, 2012
  9. thisisu

    thisisu Malware Consultant

    First let me ask you this, what malware problems are you experiencing?
     
  10. cvsnow

    cvsnow Private E-2

    I am getting errors telling me there is too much information to send to the server... it only happens when I ... I can go to a website but if I click on a link the screen goes white and the text is black (the error text).

    It happens also when I am in PayPal trying to edit some things for my site.... I know this is probably a server problem.. I don't know how to remove my cookies... I did empty my cache. My computer is just really slow to load and it's being weird... asking me for my password for my email on Windows Mail...

    I am putting your link on my website and send all my customers to you. This is the best set up ever.. thanks so much

    Snow
     
  11. thisisu

    thisisu Malware Consultant

    Ok I will address your other questions first so that you can complete the steps I outlined for you
    Yes. Do you see c:\MGtools\analyse.exe file?

    Double-click on it if you do.

    Let me know if you are not seeing this file.
     
  12. cvsnow

    cvsnow Private E-2

    I had to save mgtools.exe to my desktop. When I right-click on it and run as admin.. a black box comes up and says access denied... I don't see analyse.exe

    I have another question... I am unable to back anything up to my D: drive. It says it is full and I don't have permission to delete old files. I bought a new "mybook" external backup and it says it doesn't recognize the program.. could both of my usb ports be bad?
     
  13. thisisu

    thisisu Malware Consultant

    Highly unlikely that the USB ports are bad. More than likely it is something software/Windows related or maybe even driver related.

    This really isn't the scope of this particular forum. I would recommend posting this issue with the external hard drive at: Software

    As far as malware goes, there really isn't anything in your logs that would be the cause of the problems you have described. There were some very minor traces of adware.

    If you would like to remove these, first start by double-clicking the MGtools.exe file instead of right-mouse clicking it. Let me know if you still get a permission error when doing this.
     
    Last edited: Feb 24, 2012
