Followed The Steps But Have MGTools Issue

Discussion in 'Malware Help (A Specialist Will Reply)' started by barats, Jul 19, 2010.

  1. barats

    barats Private E-2

    I followed all the steps from Read and Run Me. I have all my logs except for some reason, I can not get MGTools to successfully complete. At first it said it could not execute the program specified. I uninstalled Avast and now it got past that part.

    But now it keeps saying in many lines: "The system could not access the file specified as it is being used by another process". I have no idea how to get past this.

    Here are the other required logs and hopefully someone can fix this issue so I can post those.

    Thanks.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    According to Combofix, you did get the MGLogs.zip. It's where we say it should be: C:\MGlogs.zip
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, but based on the size, it likely aborted after the first scan with GetRunKey, which means you will have to debug the reason for it failing to run completely.
     
  4. barats

    barats Private E-2

    Hmmmm. I looked in there and all I see is Mgtools.exe. No zip file at all. That's weird. And when I tried to run it again, same thing. All these lines saying the same thing and it never does anything at all.
     
  5. barats

    barats Private E-2

    That's what I need help with. I deleted Avast and that solved the program from not running at all. Now I get that statement saying another process is using it and can not access the file. My firewall is disabled. This has never happened before. I could do everything just fine. I even deleted and re-installed Mgtools but no luck.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's there, but as I stated, likely incomplete. Do the below.
    • Click the Manage Attachments button
    • Then click the Browse button
    • Then click My Computer
    • Then double click the Local Disk (C:) selection
    • Scroll to where you see MGlogs.zip and double click it to select it.
    • Then click the Upload button to attach it.
    Now do the below.

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just noticed that you did not install the current version of SUPERAntiSpyware and are extremely out of date, and are also about 300 database versions out of date with Malwarebytes. You need to do the below immediately.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
    Now run Malwarebytes and click the Update tab. Then click the Check for Updates button so you update to the current version of the program and database. Then run a new scan with it too. Make sure you fix the problems found before saving a log. Attach the new log.
     
  8. barats

    barats Private E-2

    Ok I did those steps and when I typed in GetRunKey it said:

    The system cannot execute the specified program
    The process cannot access the file because it is being used by another process (said this about 8 times)

    Then it said 1 filed copy, showed about 12 lines of temp reg.txt and then said the line again saying it cannot access the file and 82% deflated.

    And I will get those other 2 updated and attach those logs.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are using a 2.5 year out of date version of MGtools. Please download and use what was given to you in the READ & RUN ME. Also run proper versions of SAS and MBAM as already requested. You are obviously not running the current version of our tools.
     
  10. barats

    barats Private E-2

    Well after I deleted the MGtools, I downloaded it from the Read Run Me link. I have it bookmarked. That is what I am using.

    I will try it again, though.

    Thanks.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not possible since the old version is not online. You did not bookmark the link from the READ & RUN ME and likely bookmarked something from an old thread.
     
  12. barats

    barats Private E-2

    I just deleted my MGtools folder and re-downloaded Mgtools from the Read Run link in the stickies. I disabled firewall. No more anti virus for the moment. The version is 2.33 (7/11/2010)

    And now I'm back getting the system cannot run specified program. And it's just stuck doing nothing. So I can not type at all to exit out. When I exit out, it restarts my system.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And what happens when you run GetRunKey and ShowNew? (Try both of them this time and note that last time, even though you received an error, GetRunKey did create a log, so attach the new MGlogs.zip file after trying both GetRunKey and ShowNew.)

    You still need to run the current versions of SAS and MBAM. Please do not post again until you have run them and have new logs.
     
  14. barats

    barats Private E-2

    Ok I will do that.

    Here are the new logs as requested for SAS and Malware.

    Thanks for the help.
     

    Attached Files:

  15. barats

    barats Private E-2

    Ok when I run GetRunKey, I still get all those same messages I got above.

    And when I run ShowNew now, it just sits at the message "Running scan with ShowNew.bat" and does not do anything at all.

    And I do not know if that is a new zip of it or not. Because the program is not running at all now.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is still showing that you are running the same outdated version of MGtools.

    Please delete the below:
    • C:\MGlogs.zip
    • C:\MGtools.exe
    • C:\MGtools << the whole folder
    Now download the below and save it directly onto your Desktop

    MGtools


    Now reboot your PC into Safe Boot Mode and do the below.

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd Desktop <-- this changes to your Desktop folder and the prompt should change to show the full path to your Desktop
    GetLogs <-- this will try to run all of the scans from MGtools. Tell me what happens.

    Even if it appears to get error messages, look for the C:\MGlogs.zip file and attach it.
     
  17. barats

    barats Private E-2

    Yeah I got another error message saying something about internal and external commands and such. I have no idea what is wrong. I am following step by step on what to do.

    But I am attaching the log as requested.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please give us exact word for word message! Don't guess or translate it to something else. Being exact can help us determine what may be wrong.

    Did you run this last time in safe boot mode?

    Please try running each of the below from the command prompt in safe boot mode.


    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GRK <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    SN64 <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    NwkTst <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    UserInfo <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    analyse <-- if it runs HijackThis, select Do a scan and save a logfile


    Now attach the C:\MGlogs.zip file. Also look for C:\MGtools\hijackthis.log and attach it if it exists.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also based on your uninstall programs list, you have the below installed:


    Norton AntiVirus Parent MSI
    Norton Internet Security



    I suggest that you uninstall these now and then run the below to cleanup after Norton.


    Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)
     
  20. barats

    barats Private E-2

    Ok that seemed to go MUCH smoother. I did all that after the Norton removal that I ran twice with a reboot in between.

    And here was the error before word for word from before, if it still matters:
    'GetLogs' is not recognized as an internal or external command, operable program or batch file.

    I am attaching the new MGtools zip log and the Hijack log.

    Thanks for being patient with me.
     

    Attached Files:

  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  22. barats

    barats Private E-2

    I think I figured the problem. A prompt came up and I remembered it in the error section explaining the MGtools process. So I recreated the VDD value in the registry and it scanned fine this time after I fixed it!

    Anyways, here are the logs as requested. Thanks again for your help and patience.
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's much better. ;)

    Now we need to finish removing more Norton leftovers and some items for Comodo which was somewhat broken and will have to be reinstalled anyway.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O24 - Desktop Component 0: (no name) - (no file)

    After clicking Fix, exit HJT.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now reinstall your antivirus and firewall ( I assume this will be Avast! Home Edition and Comodo ? ).

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  24. barats

    barats Private E-2

    Seems to be going good. Here are the logs as requested.

    Thanks!
     

    Attached Files:

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not run the last fix based on the logs you attached. Or perhaps you just did not allow the GetLogs.bat program to finish running. Quite a few scan files were not updated.
     
  26. barats

    barats Private E-2

    Yeah it was still giving me the exact same problems as before with the system cannot run specified program and it just sits there. So I tried doing it the other way you posted before where you manually enter about 4 commands.

    Any suggestions?
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does it run if you boot in safe mode and run GetLogs.bat?
     
  28. barats

    barats Private E-2

    Nope. MGtools just does not want to run for some reason. I have never had this issue using this program before now.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's check to see if there is a corruption in a particular registry key that could be causing this.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1

    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :reg 
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop.
    • Please attach the SystemLook.txt log found on your Desktop to next reply.
     
  30. barats

    barats Private E-2

    Ok. Here is the log.
     

    Attached Files:

  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That looks fine. Go to this link Using MGtools and run the XPHome fix mentioned for Error Message Type one. Make sure that you allow the files to be extracted into the default folder, which is the C:\Windows\system32 folder, otherwise the fix will not do anything at all. I'm not sure if this is the problem or not and it is too difficult to figure out without me sitting in front of your PC. This problem you are having is rather unique to your PC so something is missing somewhere from your Windows OS or your registry that is the root cause.

    However please tell me if you are having any current malware problems as we may not want to waste too much more time on figuring out why some scans will not run, especially the versions designed for 32 bit systems which is what you have.
     
  32. barats

    barats Private E-2

    No everything seems to be in order. I have my anti virus and spyware and malware programs up to date as I did not know they were out of date. All the databases up to date. But yeah, I tried that fix and still nothing. I really have no idea what is wrong. I have got help before and it worked fine.

    Thanks for all your help!
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Please let's just try one more fix to see if we can locate the reason why it will not run.


    Please download and run Win32kDiag per the below instructions:
    • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
    C:\win32kdiag.exe -f -r


    Now download Junction.zip to your Windows folder
    • Please download Junction.zip and save it to your Windows folder (i.e., C:\Windows\Junction.zip. This assumes C:\ is your Windows boot drive.)
    • Now unzip it and put junction.exe into the Windows folder (i.e., C:\Windows\junction.exe)
    • Do not try to run it right now. We will run something that uses it later.

    Now we need to reset the permissions altered by the malware on some files.
    • Download and save inherit.exe to your Desktop: Inherit.exe
    • It must be in your Desktop or the below fix will not work!
    Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
    • A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
    • Accept the license agreement and the scan will begin.
    • Wait until it finishes; it can take a while to run since it scans your whole hard disk. Be patient and don't do anything else while it is scanning.
    • The command prompt window should close when it finishes.
    • While this is running, you will get several/many popups that have a title Finish and say OK. Just click the OK button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.
    Now please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to show C:\MGtools>
    GetLogs > capture.txt <-- this will try to run all of the scans and log the output normally seen on the screen to a file. Tell me what happens.

    Give the above GetLogs command about 20 minutes and then if it is not finished, just hit CTRL-C a couple times if necessary and then hit the space bar. This should hopefully abort the process if hung.

    Even if it appears to get error messages, look for the C:\MGlogs.zip file and attach it. Also look for the C:\MGtools\capture.txt log and attach it. Also don't forget to attach the Win32kDiag.txt log.
     
