Browser redirects, Black screen with cursor, no MSCONFIG in search resutls T.T

Welcome to Major Geeks!

Yes you caused yourself a lot of unnecessary grief by not following our instructions which clearly stated to run scans only once and attach the logs if still having a problem. Also they stated to try all steps but keep on going if any particular step does not work.

Can you get Task Manager to open by by pressing CTRL+SHIFT+ESC ?

Can you get Windows Explorer to run from Task Manager?

Can you get a command prompt window to open from Task Manager?

Can you run C:\MGtools\analyse.exe from Task Manager?

If you can run analyse.exe from Task Manager, do the below.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=C:\Windows\system32\winlogon32.exe
O4 - HKLM\..\Run: [smss32.exe] C:\Windows\system32\smss32.exe

After clicking Fix, exit HJT.

Then reboot and see where things stand.

 

You should run the READ & RUN ME FIRST cleaning process and attach the 5 requested logs. Don't do anything else on your own and don't follow procedures given in a thread belonging to someone else. The only common thing to run is the READ & RUN ME FIRST. From that point on, all instructions are unique to user posting in the thread.

 

According to your ComboFix log, you ran MGtools before combofix and already have a log per the below

Code:

2010-01-12 06:21 . 2010-01-12 06:43 193402 ----a-w- C:\MGlogs.zip

What is this log from? Did you already run MGtools a week ago? What happens if you download the current version of MGtools.exe and run it again.

 

Why are you running this PC with NO protection????

You need to put ComboFix.exe directly on your Desktop as requested!!! You ran it from the below folder:
Running from: c:\users\Administrator\Downloads\ComboFix.exe

You used shortcuts on your Desktop to do this and that is not what we specified to do. You will not be able to follow the below instructions until you do this properly.

Delete the below files from your Desktop:
C:\Users\Administrator\Desktop\ComboFix - Shortcut.lnk
C:\Users\Administrator\Desktop\combofixlog.txt
C:\Users\Administrator\Desktop\ComboFix.exe - Shortcut.lnk

Also delete the below folder:
C:\Users\Administrator\Desktop\MGtools



Now go to TDSSKiller and Download TDSSKiller.zip to your Desktop

• Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
• Click Start > Run and copy/paste the following bold command into Run box and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -v

• Follow the instructions to type in "delete" when it asks you what to do when if finds something.
• When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.

Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now attach the below log:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

After running the above, reboot your PC and see if you can continue with previous instructions from the point after ComboFix was run. Do not run ComboFix again.

 

You're welcome. Your logs are clean.




If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!