A lot more bugs on my other computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by RE2LeonS, Oct 12, 2007.

  1. RE2LeonS

    RE2LeonS Private First Class

    I'm running on a Windows ME computer and this computer is just infected up to my neck in viruses and spyware and ads and all that other fun junk, so here are all the logs required for Windows ME.
     


  2. RE2LeonS

    RE2LeonS Private First Class

    And the last two
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MG's!

    Let's start by running ComboFix.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply.
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.
    Once you have completed the above, attach logs from the below.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  4. RE2LeonS

    RE2LeonS Private First Class

    I just downloaded it and ran it and this is what it says in the MS-DOS Prompt window.

    "Bad command or file name

    C:\Program Files\%systemdrive%\ComboFix>"

    and then in a pop up it says

    "Windows cannot find %systemroot%\system32\cmd.exe'. You may have typed the name incorrectly in the Run dialog, or another open program cannot find a system file. To search for a file, click the Start button, and then click Search."

    Here are the other 3 logs.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Pre-Instructions:
    Please print out these instructions so that you can operate with All Browser Windows CLOSED.


    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    After killing all the above processes, click Back.

    Step 3:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 4:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Step 5:
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Step 6: Begin here after rebooting from Step 5!
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 7:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    Step 8:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    In addition to my previous fix, once you complete the fix, run this step and attach the new logs from GetRunKey, ShowNew & HijackThis after you have completed this step.

    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    • ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!!
     
  7. RE2LeonS

    RE2LeonS Private First Class

    Not good, Avenger doesn't work for Windows ME.

    When I click on SmitfraudFix.cmd, it doesn't do anything except open a box asking what do I want to Open it with?

    Here are the other 3 logs just in case; that CRSS.EXE and XBN.EXE thing keeps coming back.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet

    Next reboot into Safe Mode and manually delete the following folders.

    Once you have completed the above, proceed by running the next step.

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you have completed this post, reboot once more and attach fresh logs from HijackThis, ShowNew & GetRunKey.
     
  9. RE2LeonS

    RE2LeonS Private First Class

    Just a quick dumb question but do you want me to stay in Safe Mode the entire time or should I restart it in normal mode after deleting everything manually in safe mode?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It doesn't matter; if you're already in Safe Mode, go ahead and run it from there, but if you have problems just run it in normal mode.
     
  11. RE2LeonS

    RE2LeonS Private First Class

    Here are the new logs. After my computer is clean could you possibly direct me towards a Firewall that will work on Windows ME?
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's begin by downloading a tool we will need for this fix.

    - Process Explorer

    Extract it to its own folder somewhere that you will be able to locate it later.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    Make sure that one and only one Internet Explorer browser is opened up

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of any of the below DLL files (if found) and then click the kill button.
    yvt.dll
    mpmbj.dll


    After you have killed all instances of any of the above DLLs under winlogon click ok.
    (If you do not find these DLLs, just continue on.)

    Next double click on explorer.exe and again click once on each instance of any of the below DLL files (if found) and then click the kill button.
    yvt.dll
    mpmbj.dll


    After you have killed all instances of any of the above DLLs under Explorer click ok.
    (If you do not find these DLLs, just continue on.)

    Next double click on iexplore.exe and again click once on each instance of any of the below DLL files (if found) and then click the kill button.
    yvt.dll
    mpmbj.dll


    After you have killed all instances of any of the above DLLs under iexplore click ok.
    (If you do not find these DLLs, just continue on.)


    Now just exit Process Explorer.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {36870D31-E7D1-BE74-A04C-EB2B5D97DFCE} - C:\WINDOWS\SYSTEM\YVT.DLL

    O4 - HKCU\..\Run: [Tpei] "C:\WINDOWS\Application Data\touu\csrss.exe" -vt ndrv
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad. Save it as fixme1.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Next, if you have not already, download, install and run CCleaner.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you have completed all of the steps above, reboot back into Safe Mode and delete the following folder.

    Once you delete the folder above, reboot back into normal mode and attach fresh logs from ShowNew, GetRunKey & HijackThis.
     
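    As an added illustration (not part of this thread and not HijackThis's own code) of why the O2 and O4 entries quoted above stand out, this Python script applies the same two heuristics to those log lines: a BHO registered with no name, and a core Windows process name such as csrss.exe starting from a folder outside the system directories. The list of process names and the set of legitimate system folders are assumptions chosen for the example.

```python
import re
from typing import List, Optional, Tuple

# Sample HijackThis lines: the three entries quoted in the post above, used here as test input.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {36870D31-E7D1-BE74-A04C-EB2B5D97DFCE} - C:\WINDOWS\SYSTEM\YVT.DLL
O4 - HKCU\..\Run: [Tpei] "C:\WINDOWS\Application Data\touu\csrss.exe" -vt ndrv
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
"""

# Core Windows process names that malware likes to borrow (assumed list, not from the thread).
SYSTEM_PROCESS_NAMES = {"csrss.exe", "winlogon.exe", "lsass.exe", "svchost.exe", "explorer.exe"}
# Folders where those names legitimately live (assumed: 9x/ME uses SYSTEM, NT uses SYSTEM32).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<entry>[^\]]*)\] (?P<cmd>.+)$")


def executable_path(cmd: str) -> str:
    """Return the program path from a Run-key command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def check_line(line: str) -> Optional[str]:
    """Return a reason string if the HijackThis line looks suspicious, else None."""
    m = O2_RE.match(line)
    if m:
        # A BHO with no registered name is a classic adware/spyware marker.
        if m.group("name").strip().lower() == "(no name)":
            return f"unnamed BHO loading {m.group('path')}"
        return None
    m = O4_RE.match(line)
    if m:
        path = executable_path(m.group("cmd"))
        folder, _, name = path.lower().rpartition("\\")
        # A system process name outside the system folders is almost always an impostor.
        if name in SYSTEM_PROCESS_NAMES and folder not in SYSTEM_DIRS:
            return f"system process name {name} started from {folder}"
    return None


def suspicious_entries(log_text: str) -> List[Tuple[str, str]]:
    """Run check_line over every line of an HJT log and collect (line, reason) pairs."""
    return [(ln, check_line(ln)) for ln in log_text.splitlines() if check_line(ln)]


if __name__ == "__main__":
    for line, reason in suspicious_entries(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```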
  13. RE2LeonS

    RE2LeonS Private First Class

    Crap, not good. After I rebooted it and went to normal mode, supposedly my dad shut down the computer and started it back up, and now after the HP screen it says "Invalid disk" or something; the Operating System will NOT start at all. I hit F8 and F10 and it did nothing. F1 worked and it says that my operating system is still installed but as Windows 98/2000.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Be sure there are no disks in the machine such as floppies or CDs.
     
  15. RE2LeonS

    RE2LeonS Private First Class

    My dad and I already checked the CD ROM and Floppy Drive; it's empty.
     
  16. RE2LeonS

    RE2LeonS Private First Class

    I was searching around the net for some answers, and it looks like the only way to fix this is to put in the System Recovery disk. It says that all my stuff is going to be deleted, and my mom is wigging out because she's got pictures on there she wants before it gets erased, and I don't think it's possible.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    My suggestion at this point would be to post in the Software Forum to get Windows back running. Once you get Windows running, come back here and we will continue cleaning your system.
     